"The current IoT threat landscape shows that it does not require much to exploit an embedded device," Symantec researchers wrote in the report, which was headlined "IoT devices being increasingly used for DDoS attacks." "While we have come across several malware variants exploiting device vulnerabilities—such as Shellshock or the flaw in Ubiquiti routers—the majority of the threats simply take advantage of weak built-in defenses and default password configurations in embedded devices." The growing supply of IoT malware is creating a tipping point in the denial-of-service domain that's giving relatively unsophisticated actors capabilities that were once reserved only for the most elite of attackers. And that, in turn, represents a threat to the Internet as we know it.

http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net/