If you examine some of the major botnet variants from the last few years, you'll notice that their success is driven primarily by the lack of good cyber hygiene applied to IoT devices.
Bashlite, for example, compromised more than a million IoT devices by taking advantage of default usernames and passwords. Mirai and Remaiten searched for devices running the Telnet service and then ran a dictionary attack against the devices they identified. Darlloz exploited a PHP software vulnerability.
These botnets evolve so that when their primary infection vector is shut down, they adopt new ones that again look for basic vulnerabilities that should not have been open in the first place.
The goal ...