DDoS attacks dominate threats to critical infrastructure
New research from NETSCOUT looking at the DDoS attack landscape shows that this method has evolved into a precision-guided weapon of geopolitical influence capable of destabilizing critical infrastructure.
Based on monitoring of more than eight million DDoS attacks globally in the first half of 2025, the study shows hacktivist groups like NoName057(16) have orchestrated hundreds of coordinated strikes each month, targeting the communications, transportation, energy, and defence sectors.
The barriers to entry for attackers have lowered too, DDoS-for-hire services have democratized attack tools, enabling novice actors to execute sophisticated attack campaigns. AI-enhanced automation, multi-vector attacks, and carpet-bombing techniques challenge traditional defenses. Botnets made up of tens of thousands of IoT devices, servers, and routers, can deliver sustained attacks and cause significant disruption. While each of these elements is dangerous on its own, together they have formed the perfect storm, creating unprecedented cyber risk for organizations and service provider networks around the world.
NETSCOUT observed more than 50 attacks greater than a terabit-per-second (Tbps) and multiple gigapacket-per-second (Gpps) attacks in the first half of 2025, including a 3.12 Tbps attack in the Netherlands and a 1.5 Gpps attack in the United States.
Geopolitical events have triggered unprecedented DDoS attack levels. The India-Pakistan conflict saw hacktivist groups target the Indian government and financial sectors in May, while the Iran-Israel conflict generated more than 15,000 attacks against Iran and 279 against Israel in June.
More than 880 bot-driven DDoS attacks occurred daily in March, peaking at 1,600 incidents, with attack duration increasing to an average of 18 minutes. New threat actors have emerged too, using DDoS-for-hire infrastructure, DieNet orchestrated over 60 attacks since March, while Keymous+ launched 73 attacks across 28 industry sectors in 23 countries.
“As hacktivist groups leverage more automation, shared infrastructure, and evolving tactics, organisations must recognize that traditional defenses are no longer sufficient,” says Richard Hummel, director, threat intelligence at NETSCOUT. “The integration of AI assistants and the use of large language models (LLMs), such as WormGPT and FraudGPT, escalates that concern. And, while the recent takedown of NoName057(16) was successful in temporarily reducing the group’s DDoS botnet activities, preventing a future return to the top DDoS hacktivist threat is not guaranteed. Organizations need intelligence-driven, proven DDoS defenses that can deal with the sophisticated attacks we see today.”
You can get the full report from the NETSCOUT site.
Image credit: Funtap/depositphotos.com