The first half of 2025 witnessed more than 8 million distributed denial-of-service (DDoS) attacks worldwide, according to new figures from Netscout. The EMEA region absorbed over 3.2 million incidents, with peak strikes hitting 3.12 Tbps in speed and 1.5 Gpps in volume.
Once used mainly to cause digital disruption, DDoS has now evolved into a strategic instrument of geopolitical influence.
Adversaries are increasingly timing attacks to coincide with politically sensitive moments, striking at critical infrastructure when disruption carries maximum impact.
The surge highlights how cheap and accessible DDoS-for-hire services have lowered the bar for attackers, enabling even novices to launch campaigns using AI-driven automation, multi-vector strikes, and carpet-bombing techniques.
Botnets and Hacktivist Tactics
In March 2025 alone, attackers executed over 27,000 botnet-powered DDoS campaigns, often exploiting existing IoT vulnerabilities rather than new flaws. That month averaged 880 bot-driven incidents daily, peaking at 1,600. The assaults lasted longer too, averaging 18 minutes 24 seconds as adversaries combined multiple attack vectors to evade defenses.
Among hacktivist actors, NoName057 remained dominant, launching TCP ACK floods, SYN floods, and HTTP/2 POST attacks against governments in Spain, Taiwan, and Ukraine. A newer group, DieNet, carried out more than 60 strikes against targets ranging from U.S. transit systems to Iraqi government sites, expanding its scope to energy, healthcare, and e-commerce.
“As hacktivist groups leverage automation and AI-driven tools, traditional defenses are being outpaced,” warned Richard Hummel, Director of Threat Intelligence at Netscout.
He emphasised that the rise of LLM-enabled malware tools like WormGPT and FraudGPT is deepening the risk landscape. While the takedown of NoName057(16) slowed activity temporarily, Hummel cautioned that resilience, intelligence-led strategies, and next-generation DDoS defenses are essential to stay ahead of evolving threats.
