In 2025 botnets started using residential proxy networks (like IPIDEA which Google disrupted in Jan) to spread to vulnerable IoT within home networks. DDoS quadrupled in size, a step change in the expected exponential growth trend (here shown on a log scale).

To diffuse the attack power, I convinced industry peers that we should publish the infection method. https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/ This led to a fragmentation of the bots across several botnets, reducing the largest attacks from 30 Tbps to 10 Tbps.

Today a multinational law enforcement action disrupted 4 of those botnets: Aisuru, KimWolf, JackSkid, and Mossad. https://www.justice.gov/usao-ak/pr/authorities-disrupt-worlds-largest-iot-ddos-botnets-responsible-record-breaking-attacks It will be interesting to watch how the peak attack sizes grow or decrease in the coming weeks!