NETSCOUT reveals shift in DDoS attack landscape

The evolving landscape of Distributed Denial-of-Service (DDoS) attacks has been thoroughly documented in the latest research from NETSCOUT® SYSTEMS, INC. The first half of 2025 witnessed more than 8 million DDoS attacks worldwide, with over 3.2 million targeting the EMEA region. These attacks have now evolved into precision-guided tools of geopolitical influence, threatening to destabilise critical infrastructure.

Prominent hacktivist groups, such as NoName057(16), have organised hundreds of systematic attacks monthly, focusing on sectors like communications, transportation, energy, and defence. The emergence of DDoS-for-hire services has lowered barriers, allowing even inexperienced users to mount complex attack campaigns. Advanced tactics, including AI-enhanced automation, multi-vector strategies, and carpet-bombing techniques, are challenging conventional defensive measures.

The research highlights several alarming trends:

• Global Assault Levels: More than 50 attacks exceeded a terabit-per-second (Tbps), along with multiple gigapacket-per-second (Gpps) incidents. A particular highlight was a 3.12 Tbps attack in the Netherlands.
• Interlinked Geopolitical Events: Tensions between nations, such as the India-Pakistan conflict in May and ongoing Iran-Israel tensions in June, triggered significant spikes in DDoS activities.
• Botnet Evolution: Bot-driven DDoS attacks peaked at 1,600 daily occurrences in March, demonstrating increased sophistication and duration.
• Emerging Threat Actors: New entities, including DieNet and Keymous+, have taken advantage of available "DDoS-for-hire" tools to conduct attacks across numerous sectors and countries.
• Dominance of Established Groups: NoName057(16) remains a leading threat, executing more aggressive tactics, particularly against government sites worldwide.

Richard Hummel, director of threat intelligence at NETSCOUT, warns of the growing threat posed by evolving tactics combined with AI-powered tools. The integration of AI assistants and large language models, like WormGPT and FraudGPT, escalates concerns. Though successful at temporarily curbing activities, actions against groups like NoName057(16) offer no long-term guarantee. Organisations must adopt intelligence-driven, resilient DDoS defences to combat ongoing sophisticated threats.

NETSCOUT continues to offer unparalleled global visibility into attack trends, covering two-thirds of the routed IPv4 space. Their systems secure essential network infrastructure, observing peak global traffic while tracking tens of thousands of DDoS attacks daily. Utilising both botnets and DDoS-for-hire services, they monitor millions of compromised devices aiding attackers globally.