The specific security requirements of a typical IoT (Internet of Things) system tend to be complex. They surpass the conventional security prerequisites of integrity, confidentiality, and availability. In addition to these factors, the security requirements of the revolutionary IoT system also need to address authorization, authentication, data freshness, and non-repudiation along with forward as well as backward secrecy.

The overall IoT architecture is not yet completely standardized. As such, the IoT devices & applications are highly vulnerable to a wide range of possible malware attacks that could intervene with the daily lives of users across the globe. Over the past years, IoT applications have been prone to attacks. Here are some of the most discussed IoT security attacks in recent times:

Mirai Botnet:

This IoT attack was responsible for affecting several interconnected devices with the help of a DDoS attack. The Mirai Botnet was known for taking down major Internet services including Twitter, CNN, The Guardian, Shopify, Netflix, and so more. The malicious code leveraged devices that were not updated and were using default usernames and/or passwords.


The Stuxnet IoT attack aimed at targeting industrial PLCs (Programmable Logic Controllers). The main purpose of this attack was aimed at sabotaging the uranium enrichment facility located in Natanz, Iran. As a result of this attack, 1,000 centrifuges were destroyed.

Cold in Finland:

Cybercriminals were successful in shutting down the centralized heating systems in Lappeenranta, Finland, in November, This was another instance of a DDoS attack and this security breach was able to make the heating controllers continually reboot the system. As a result, the heating system did not operate.  At the time temperatures in the city of Lappeenranta in Finland dipped below freezing so this IoT attack caused significant harm.


Similar to the Mirai Botnet IoT vulnerability, the Brickerbot attack also relied upon a DDoS attack. This security breach took advantage of the fact that the users did not change default usernames or passwords of IoT devices. The main difference between the Mirai Botnet and Brickerbot attacks was that the latter was responsible for destroying the device (as the name implies).

The Botnet Barrage:

A report released by Verizon Wireless claimed an attack aimed at 5,000 IoT devices in an unnamed University. As the University IT staff members started receiving complaints regarding slow or inaccessible Internet accessibility, the staff discovered that the respective name servers were showing a high number of alerts. In addition to this, the servers also revealed an abnormal number of sub-domains that were related to seafood. In this IoT attack, the Botnet spread across the various interconnected IoT devices through the vulnerability of weak passwords.

The Internet of Things (IoT) is growing exponentially.   Therefore, the software developers must aim at making the IoT devices more secure and reliable.