press room

The Rise of Thingbots in the Philippines

Share This Post

Thingbots, botnets built exclusively from IoT devices, are set to become the infrastructure for a future darknet. This is one of the key findings of F5 Networks’s latest report, “Threat Analysis: The Hunt for IoT  – the Rise of Thingbots,” which continues to track Telnet activity, and the progressions of Mirai, as well as Persirai, a new thingbot.

The report exposes how IoT devices have been, and will continue to be one of the most highly exploitable tools in the arsenals of cyber attackers.

Image: Internet of Things devices connect the world around us and power our lives, but make us more vulnerable to being hacked

Cybersecurity remains a key issue in the Philippines, and even more so now with Filipinos becoming increasingly aware about cyber attacks and similar threats. In line with this, the government has committed P2 billion for the next three years to boost the country’s cybersecurity framework. The Department of Information Communication Technology, a government bureau established in 2016 to help police the Philippine internet, launched the National Cybersecurity Plan 2022 early this year.

Image: Countries where top 50 IP addresses reside

Image: Persirai-infected IP cameras and Command & Control servers, Asia, June 2017

As shown in the map above, cybersecurity will continue to remain a key concern in today’s ever connected world, driven by the rise of IoT. Hackers find new ways to leverage unprotected devices to launch cyber attacks. The reality remains – our world of unsecured devices is the new playground for hackers; and according to F5 Networks’ latest report, this is not going to change (until IoT manufacturers are forced to secure these devices), as IoT devices are becoming the “cyberweapon delivery system of choice” by today’s botnet-building attackers.

Image: Historical view of IoT attack growth by quarter, January 2016 through June 2017

Some of the key insights:

  • IoT attacks rose by 280%, attributed to the Mirai malware and its subsequent attacks (Image above)
  • China, previously the top source country from which attacking activity originated, has dropped off significantly, contributing less than 1% to the total attack volume
  • Spain has taken over as the leader in attacks, with 83% of attacks launched from a hosting provider network based there
  • Hackers are building thingbots based on specific disclosed vulnerabilities in IoT devices, rather than having to find new exploits

Image: Top 50 most attacked admin username and password combinations; 94% of respondents admit to using the same passwords as their usernames for logins

What does this mean for enterprises?

  • Have a DDoS strategy ready at hand
  • Ensure redundancy for critical services, and that they are prepared for downstream impact
  • Implement credential stuffing solutions
  • Train employees on the threat and vulnerability of IoT devices – the more aware they are of these threats, the less likely they are to become affected by the attacks

Threat Analysis: The Hunt for IoT  – the Rise of Thingbots is the third volume of F5 Networks’s IoT reports, following the second volume Threat Analysis Report: The Hunt for IoT. To find out more on the subject, the full report is available here with further detail on global and market trends.


About F5

F5 (NASDAQ: FFIV) makes apps go faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organizations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to You can also follow @F5NetworksAPJ on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

F5 is a trademark or service mark of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

More to Explore

Ardent icon white

How can we work together?

Drop us an email, ring our office or follow us on social media.