Why would anyone in their right mind attack IoT products directly (ie. disabling/destroying them), when using them as a large botnet is far, far more lucrative?
Well... Perhaps once IoT webcams are used for blackmail - but even that is a much more difficult task than "really big botnet attack really big sites" so the incentive isn't there
I know profit motivated attacks have eclipsed entertainment motivated ones, but that's partly been about the work required to get a 'strong' exploit going. Mirai used an easier access vector than Morris to get full ownership of target devices, so it wouldn't be hard for one person to copy and abuse.
I don't think this is going to become the norm - messing up a refrigerator isn't a lucrative goal - but I expect that it'll happen occasionally if systems stay this weak.
The best we can get out of direct attacks on IoT are new "security products that protect your IoT devices" in a reactive manner. Windows antivirus all over again.
Well... Perhaps once IoT webcams are used for blackmail - but even that is a much more difficult task than "really big botnet attack really big sites" so the incentive isn't there