IoT devices in synchronised attacks on targets represent a growing part of global Distributed Denial of Service (DDoS) weapon arsenals. There is a significant potential for attackers to use an IoT-related protocol, the Constrained Application Protocol (CoAP), deployed on IoT devices to marshal attacks.

The A10 Networks report on the state of DDoS weapons in the first quarter of 2019 examines the types of weapons and attacks being used and where they are coming from. While the most prevalent types of weapons leverage other more established technologies and internet protocols, such as the Network Time Protocol (NTP), Domain Name System (DNS) resolvers, and the Simple Services Discovery Protocol (SSDP), CoAP-based devices represent a fast-emerging new weapon type in botnet arsenals.