Botnet activity has risen sharply over the past year, and security researchers have been tracking record-breaking distributed denial-of-service (DDoS) attacks. Spamhaus reported that the number of botnet command-and-control (C2) servers grew by 26% in the first half of 2025 and then by another 24% in the second half.
Several factors are driving this ongoing growth: Mirai-based variants that keep getting bigger and more powerful, the widespread availability of open-source botnet code, and the rapid growth of poorly secured IoT devices.

Mirai, which was first discovered in 2016, is still one of the most powerful malware families in the botnet ecosystem. It works by scanning the internet for devices that have ARC processors and usually run a stripped-down version of Linux. It then infects them either by exploiting known vulnerabilities or simply by logging in with the factory-default credentials.

Satori, which was first seen in late 2017, is one of Mirai's best-known offspring. It exploited an OS command injection vulnerability in D-Link DSL-2750B devices to infect more than 260,000 home and small-office routers.

Aisuru-KimWolf is the most dangerous botnet family active right now. It has been behind some of the biggest DDoS attacks ever recorded, including one that reached 31.4 terabits per second and another that reached 14.1 billion packets per second. Mirai and its relatives will keep finding new places to spread as long as millions of home routers stay unpatched and keep their default passwords.












