There is very little difference between cybercriminals & business over the internet. Service Hosting companies sell & protect the privacy of every user including cybercriminals. Cyber attackers are buying legitimate services like DDOS-For-Work, Infrastructure hosting services. There is a proper project management tools, development tools, techniques, services & infrastructure to carry out a cyber attack.
Here is another online service that helps anybody to discover all the IoT devices connected to the internet: Smart TV, Toaster, Refrigerator, Radio etc.
As a marketing pitch here is what they sell.

However, let’s take an example. If someone got to know that there is a smart TV, AC, Radio in your house with the default password of the router. Do you think they would leave it as it is? Nope!. They would use it to hack it or use it to attack others.
Try below Url to see how many devices are open to exploits with default password.
https://www.shodan.io/search?query=%22default+password%22
As per the common internet surfer mindset, what anybody can achieve if they hack my Toaster. That is the world we are living in.