Shifting from European policy to the frontlines of global cybersecurity: January 2026 has been a brutal month for internet-connected devices. Threat actors are launching automated attacks against IoT devices at a staggering rate, and the targets have expanded far beyond consumer gadgets. We are seeing a massive pivot toward compromising enterprise edge devices and the core infrastructure behind them.
The RondoDox Botnet and HPE OneView
In early January 2026, security researchers identified an active, large-scale exploitation campaign targeting CVE-2025-37164, a critical unauthenticated remote code execution vulnerability in HPE OneView. For context, OneView is a centralized infrastructure management platform used heavily in enterprise data centers.
The attacks were driven by the RondoDox botnet, which launched over 40,000 automated attack attempts in a tight four-hour window on January 7. The targets weren't random; they focused heavily on government, financial services, and industrial manufacturing organizations. RondoDox shows how IoT botnets are evolving. They are no longer just hijacking smart refrigerators to launch nuisance attacks; they are actively hunting for the management platforms that control enterprise server racks and storage arrays, where a single foothold yields control over many systems at once.
The 15.7 Tbps Azure Attack and the Aisuru Botnet
While enterprise infrastructure is under attack, consumer devices are still being weaponized at an unprecedented scale. In late 2025, Microsoft Azure absorbed what it described as one of the largest Distributed Denial of Service (DDoS) attacks ever recorded. The multi-vector attack peaked at 15.72 Tbps and 3.64 billion packets per second.
The source of this traffic spike? The Aisuru IoT botnet. The flood arrived from more than 500,000 source IPs, overwhelmingly compromised home routers, surveillance cameras, and DVRs around the world. Because edge devices like routers and IP cameras are rarely updated by consumers, sit outside traditional security perimeters, and increasingly ride on high-bandwidth residential fiber uplinks, they offer threat actors an almost limitless pool of nodes to hijack.
The Expanding Attack Surface
The 2026 threat landscape is heavily defined by the sheer volume of unmanaged devices. Recent industry reports indicate that routers and switches now average over 30 vulnerabilities per device and account for a disproportionate share of the critical risks found in enterprise networks.
Common IoT Attack Vectors in 2026 include:
- Unauthenticated Remote Code Execution (RCE): Exploiting flawed firmware to run malicious code without needing login credentials.
- Credential Brute-Forcing: Using automated scripts to guess default or weak administrative passwords on exposed Telnet or SSH ports.
- Supply Chain Infiltration: Compromising third-party libraries incorporated into the device firmware.
- Man-in-the-Middle (MitM) Data Interception: Sniffing plaintext telemetry sent from IoT sensors to cloud platforms without transport encryption, and tampering with it in transit.
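Of the vectors above, credential brute-forcing is the one a device's own logs expose most directly. The script below is an added example, not code from the article or from any vendor: it runs a sliding-window detector over constructed dropbear-style SSH log lines (dropbear being the SSH daemon common on embedded Linux; the exact message format, the hostnames and the addresses are assumptions made for the example). It raises one alert when a source IP racks up a threshold of failed logins inside the window, and a second, higher-priority alert when a successful login from that IP follows those failures, which is the moment a default or weak password has actually been guessed. The second source in the sample shows the window expiring, so an isolated failure followed by a success much later does not fire.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in a dropbear-style syslog format (not real
# captures); dropbear is the SSH daemon common on embedded Linux devices.
SAMPLE_LOG = """\
Jan  7 03:14:01 cam-01 dropbear[412]: Bad password attempt for 'admin' from 203.0.113.5:51234
Jan  7 03:14:02 cam-01 dropbear[412]: Bad password attempt for 'root' from 203.0.113.5:51235
Jan  7 03:14:02 cam-01 dropbear[412]: Bad password attempt for 'admin' from 203.0.113.5:51236
Jan  7 03:14:03 cam-01 dropbear[412]: Bad password attempt for 'support' from 203.0.113.5:51237
Jan  7 03:14:03 cam-01 dropbear[412]: Bad password attempt for 'admin' from 203.0.113.5:51238
Jan  7 03:14:04 cam-01 dropbear[412]: Password auth succeeded for 'admin' from 203.0.113.5:51239
Jan  7 03:20:10 cam-01 dropbear[412]: Bad password attempt for 'admin' from 198.51.100.7:40001
Jan  7 03:41:10 cam-01 dropbear[412]: Password auth succeeded for 'admin' from 198.51.100.7:40002
Jan  7 03:41:11 cam-01 kernel: eth0: link is up
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+: "
    r"(?P<outcome>Bad password attempt|Password auth succeeded) for '(?P<user>[^']+)' "
    r"from (?P<ip>[\d.]+):\d+$"
)
LOG_YEAR = 2026  # syslog timestamps carry no year; assumed for the sample


def parse_line(line):
    """Return {ts, outcome, user, ip} for an auth event, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return {"ts": ts,
            "outcome": "fail" if m["outcome"].startswith("Bad") else "success",
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Sliding-window detector: alert when one source IP produces `threshold`
    failed logins within `window_seconds`, and again if a success from that IP
    follows failures still inside the window (the password was likely guessed)."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    already_flagged = set()
    alerts = []
    for ev in events:
        q = failures[ev["ip"]]
        # Drop failures that have aged out of the window.
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if ev["outcome"] == "fail":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in already_flagged:
                already_flagged.add(ev["ip"])
                alerts.append({"kind": "brute_force", "ip": ev["ip"],
                               "failures": len(q), "at": ev["ts"]})
        elif q:  # a success with live failures behind it
            alerts.append({"kind": "success_after_failures", "ip": ev["ip"],
                           "user": ev["user"], "prior_failures": len(q), "at": ev["ts"]})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample, 203.0.113.5 trips the brute-force alert on its fifth failure and then a success-after-failures alert one second later, while 198.51.100.7 produces nothing because its lone failure is 21 minutes old by the time it logs in. In production you would feed the same logic from a central syslog collector rather than the device, since a compromised device can simply stop forwarding.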
Defending against this requires a shift in architecture. Organizations must move toward continuous, passive device discovery (building the inventory from what is observed on the wire, such as DHCP, ARP, mDNS and flow records, rather than by actively scanning devices that may crash when probed) so that the inventory reflects what is actually on the network. Network segmentation is no longer optional. IoT devices must be strictly isolated from critical IT systems, and outbound traffic from these devices must be held to a default-deny egress policy: each device class gets an explicit allowlist of the destinations and ports it legitimately needs, and anything else, whether a lateral connection into an IT segment or a Telnet probe toward the internet, is blocked and alerted on.
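As a concrete illustration of the last two points, here is an added example (not code from the article or from any product) of an egress-policy audit. It takes an inventory of the kind a passive-discovery tool would produce, a per-device-class allowlist, and NetFlow-style records, and flags four conditions: a device in the IoT segment that is not in the inventory, any IoT-to-IT-segment connection regardless of allowlist, and any other egress the device's class is not permitted, split into internal (for example an intra-VLAN Telnet sweep) and internet. The segments, addresses, device classes and flow records are all constructed for the example.

```python
import csv
import io
import ipaddress

# Assumed network layout for the example (not from the article).
IOT_NET = ipaddress.ip_network("10.10.0.0/16")          # isolated IoT VLAN
SERVICES_NET = ipaddress.ip_network("10.15.0.0/24")     # brokers the IoT devices may talk to
IT_NETS = [ipaddress.ip_network("10.20.0.0/16"),        # user and server segments: off limits
           ipaddress.ip_network("10.30.0.0/16")]
INTERNAL_NETS = [IOT_NET, SERVICES_NET] + IT_NETS

# Assumed inventory, as a passive-discovery tool would build it from DHCP/ARP/flows.
INVENTORY = {"10.10.1.21": "camera", "10.10.1.22": "camera", "10.10.2.5": "hvac-sensor"}

# Assumed per-class egress allowlist: everything not listed here is denied.
ALLOW = {
    "camera":      [("10.15.0.5/32", "tcp", 554),    # RTSP to the NVR
                    ("10.15.0.1/32", "udp", 123)],   # NTP from the internal time server
    "hvac-sensor": [("10.15.0.8/32", "tcp", 8883)],  # MQTT over TLS to the broker
}


def _allowed(device_class, dst, proto, dport):
    return any(dst in ipaddress.ip_network(net) and proto == p and dport == port
               for net, p, port in ALLOW.get(device_class, []))


def check_flow(flow):
    """Return a violation dict for an IoT-originated flow that breaks policy, else None."""
    src, dst = ipaddress.ip_address(flow["src"]), ipaddress.ip_address(flow["dst"])
    if src not in IOT_NET:
        return None                      # policy covers traffic leaving the IoT segment only
    proto, dport = flow["proto"], int(flow["dport"])
    base = {"src": str(src), "dst": str(dst), "proto": proto, "dport": dport}
    cls = INVENTORY.get(str(src))
    if cls is None:                      # a talking device nobody inventoried
        return {"kind": "unknown_device", **base}
    if any(dst in n for n in IT_NETS):   # hard isolation: never reachable, allowlist or not
        return {"kind": "lateral_to_it", "class": cls, **base}
    if _allowed(cls, dst, proto, dport):
        return None
    scope = "internal" if any(dst in n for n in INTERNAL_NETS) else "internet"
    return {"kind": f"unexpected_egress_{scope}", "class": cls, **base}


def audit_flows(csv_text):
    """Run every flow record through the policy and collect the violations."""
    return [v for v in map(check_flow, csv.DictReader(io.StringIO(csv_text))) if v]


# Constructed NetFlow-style records (not captured data).
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,bytes
2026-01-07T03:10:00Z,10.10.1.21,10.15.0.5,tcp,554,184320
2026-01-07T03:10:05Z,10.10.1.21,10.15.0.1,udp,123,76
2026-01-07T03:11:02Z,10.10.1.21,10.20.3.4,tcp,445,1320
2026-01-07T03:11:40Z,10.10.1.22,198.51.100.50,tcp,23,412
2026-01-07T03:11:41Z,10.10.1.22,10.10.2.5,tcp,23,60
2026-01-07T03:12:00Z,10.10.1.99,10.15.0.5,tcp,554,9001
2026-01-07T03:12:30Z,10.20.3.4,10.10.1.21,tcp,80,2200
2026-01-07T03:13:00Z,10.10.2.5,10.15.0.8,tcp,8883,512
"""

if __name__ == "__main__":
    for violation in audit_flows(SAMPLE_FLOWS):
        print(violation)
```

The order of the checks matters: the IT-segment test runs before the allowlist so that a misconfigured allowlist entry can never quietly open a path from the IoT VLAN into the user or server networks, and the inventory test runs first so that an unrecognized device is reported even when its traffic happens to look legitimate. The same allowlist is what you would translate into the firewall rules on the IoT VLAN's gateway; the audit is how you verify those rules hold over time.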