NETSCOUT Systems (NASDAQ: NTCT) has released its latest research into the rapidly evolving landscape of Distributed Denial of Service (DDoS) attacks, reporting over 8 million attacks worldwide during the first half of 2025. Of these, 3.2 million attacks were recorded across Europe, the Middle East, and Africa.
These attacks are no longer random disruptions; they have evolved into precision digital weapons, used for geopolitical influence and to destabilize critical infrastructure.
AI and “DDoS-for-Hire” Fuel the Storm
The report highlights how artificial intelligence (AI) is transforming cyberwarfare:
- Advanced automation enables multi-vector attacks.
- AI-driven random floods overwhelm traditional defenses.
- “DDoS-for-hire” services allow even novice attackers to launch large-scale attacks.
Meanwhile, vast botnet armies—consisting of compromised IoT devices, servers, and routers—have powered prolonged campaigns that caused widespread service outages.
Key Findings from NETSCOUT’s H1 2025 Report
- Massive Attack Volumes: More than 50 attacks exceeded 1 Tbps, including a 3.12 Tbps attack in the Netherlands and a 1.5 Gbps attack in the U.S.
- Geopolitical Triggers: Cyber activists targeted government and financial sectors in India amid India-Pakistan tensions, while the Iran-Israel conflict saw over 15,000 attacks on Iran and 279 on Israel.
- Botnet Complexity Rising: March recorded 880 daily attacks, peaking at 1,600 in a single day, with an average duration of 18 minutes.
- Emerging Threat Actors: Groups like DieNet (60+ attacks since March) and Keymous+ (73 attacks across 28 industries in 23 countries) emerged as new threats.
- Dominance of NoName057(16): This group carried out 475+ attacks in March alone, a 337% increase over its nearest rival, hitting government sites in Spain, Taiwan, and Ukraine.
Richard Hummel, Threat Intelligence Lead at NETSCOUT, commented:
“With attackers increasingly relying on automation, shared infrastructures, and AI-powered tools like WormGPT and FraudGPT, traditional defenses are no longer sufficient. Even after temporarily disrupting NoName057(16), its resurgence remains a real possibility. Organizations must adopt intelligence-driven defense strategies to withstand this new wave of advanced attacks.”
Unmatched Global Visibility
NETSCOUT provides unprecedented visibility into global DDoS activity by:
- Monitoring two-thirds of routed IPv4 traffic worldwide.
- Tracking over 800 Tbps of global traffic during H1 2025.
- Leveraging direct and indirect detection methods to identify tens of thousands of daily attacks.
Its Cyber Threat Horizon platform delivers real-time insights and statistics into DDoS campaigns, helping organizations understand and mitigate evolving threats.
Conclusion: DDoS Becomes the Ultimate Digital Weapon
The findings confirm that DDoS attacks have become one of the most dangerous digital weapons today. Driven by AI, botnets, and “for-hire” services, they pose unprecedented risks to telecoms, energy, transportation, and defense industries. To safeguard critical infrastructure, organizations must invest in advanced, intelligence-led cybersecurity solutions.
