By 
NETSCOUT® SYSTEMS, INC. (NASDAQ: NTCT) has released its latest cybersecurity research, confirming that Distributed Denial-of-Service (DDoS) attacks remain one of the most pressing threats to global digital infrastructure.
RELATED: NETSCOUT expands automated threat detection and response capabilities
DDoS Attacks Dominate Cybersecurity Landscape
The company recorded over 8 million DDoS attacks worldwide between January and June 2025, including 3.2 million incidents in the EMEA region alone.
Hacktivist groups like NoName057(16) orchestrated hundreds of coordinated strikes each month, targeting the communications, transportation, energy, and defence sectors. DDoS-for-hire services have democratised attack tools, enabling novice actors to execute sophisticated attack campaigns. AI-enhanced automation, multi-vector attacks, and carpet bombing techniques challenge traditional defences.
From Cybercrime to Geopolitical Weapon
According to the report, DDoS attacks are no longer random disruptions. They have evolved into precision-guided cyber weapons, increasingly used in geopolitical conflicts to destabilize critical infrastructure such as:
- Energy grids
- Telecommunications networks
- Financial systems
- Government services
NETSCOUT emphasized that these attacks now serve as tools of geopolitical influence, further escalating tensions in conflict-prone regions.
Escalating Risks to Critical Infrastructure
The findings highlight that attackers are refining their methods, shifting from large-scale brute force to targeted, high-impact attacks designed to cause maximum disruption.
“DDoS has become the frontline weapon of choice in today’s digital battlefield,” NETSCOUT’s research team noted, warning enterprises and governments to strengthen resilience against evolving cyber threats.
Strengthening Cyber Defense Strategies
With DDoS incidents on the rise, the report urges businesses, governments, and critical infrastructure providers to adopt proactive defense strategies, including:
- Advanced threat detection and mitigation
- Real-time monitoring of network traffic
- Cross-border cybersecurity collaboration
Botnets compromised tens of thousands of IoT devices, servers, and routers, delivering sustained attacks and causing significant disruption. While each of these elements is dangerous on its own, in aggregate, they have formed the perfect storm, creating unprecedented cyber risk for organisations and service provider networks around the world.
See Excerpts from the research statement.
Key research findings
- Massive Global Attack Volume– NETSCOUT observed more than 50 attacks greater than a terabit-per-second (Tbps) and multiple gigapacket-per-second (Gpps) attacks in the first half of 2025, including a 3.12 Tbps attack in the Netherlands and a 1.5 Gpps attack in the United States.
- Geopolitical Events Triggered Unprecedented DDoS Attacks – The India-Pakistan conflict saw hacktivist groups target the Indian government and financial sectors in May, while the Iran-Israel conflict generated more than 15,000 attacks against Iran and 279 against Israel in June.
- Botnet-Driven Attacks Gained Sophistication– More than 880 bot-driven DDoS attacks occurred daily in March, peaking at 1,600 incidents, with attack durations increasing to an average of 18 minutes.
- New Threat Actors Emerged – Leveraging DDoS-for-hire infrastructure, DieNet orchestrated over 60 attacks since March, while Keymous+ launched 73 attacks across 28 industry sectors in 23 countries.
- NoName057(16) Maintained Dominance– Claiming more than 475 attacks in March alone, 337% more than the next most active group, the hacktivist group targeted government websites in Spain, Taiwan, and Ukraine.
“As hacktivist groups leverage more automation, shared infrastructure, and evolving tactics, organisations must recognise that traditional defences are no longer sufficient,” stated Richard Hummel, director, threat intelligence, NETSCOUT.
“The integration of AI assistants and the use of large language models (LLMs), such as WormGPT and FraudGPT, escalates that concern. And, while the recent takedown of NoName057(16) was successful in temporarily reducing the group’s DDoS botnet activities, preventing a future return to the top DDoS hacktivist threat is not guaranteed. Organisations need intelligence-driven, proven DDoS defences that can deal with the sophisticated attacks we see today.”
NETSCOUT maps the DDoS landscape through passive, active, and reactive vantage points, providing unparalleled visibility into global attack trends. NETSCOUT protects two-thirds of the routed IPv4 space, securing network edges that carried global peak traffic of over 800 Tbps in 1H2025. It monitors tens of thousands of daily DDoS attacks by tracking multiple botnets and DDoS-for-hire services that leverage millions of abused or compromised devices.
