The report, published on Tuesday, suggests the overall number of DDoS attacks has not risen significantly in 2016, but that the force of these attacks is increasing. Akamai says it confronted 19 “mega attacks” in the third quarter of this year, including the two biggest it has ever encountered in history.

“It’s interesting that while the overall number of attacks fell by 8% quarter over quarter, the number of large attacks, as well as the size of the biggest attacks, grew significantly,” said the report.

The prime targets for the 19 “mega” attacks, which Akamai defines as those that reach over 100 Gbps, were media and entertainment companies, though gaming and software firms were also hit.

The two record-breaking attacks, reaching 623 Gbps and 555 Gbps, were directed at security blogger Brian Krebs. The attacks succeeded in taking down Krebs’ website until Jigsaw, a unit of Google’s parent company Alphabet (GOOG), deployed its Project Shield service to deflect the attack.

The reason for this recent surge in mega attacks is tied to security defects in the “Internet of things.” This involves hackers taking over millions of everyday devices connected to the Internet—especially DVRs, security cameras and home routers—and conscripting them to be part of a bot-net army, known as Mirai.

Mirai gained widespread notoriety in October, after hackers briefly used it to obstruct consumers’ access to popular sites like Amazon and Twitter, and many of the devices under its control are still compromised. As Akamai suggests, the Internet of Things problem may just be beginning.

“There are many more IoT devices in existence that share similar vulnerabilities and will provide tempting targets to attackers. Until IoT security becomes a primary concern for manufacturers, this type of malware will be increasingly common,” says the company.