By 
Record-Breaking Quarter for Cyberattacks
The Middle East and North Africa (MENA) region witnessed an unprecedented 236% surge in Distributed Denial of Service (DDoS) attacks in the second quarter of 2025, according to a new StormWall threat analysis. This marks the highest volume of DDoS attacks ever recorded in the region.
RELATED: DDoS attacks on API up 140% as MENA companies find themselves under pressure in Q1 2025
The escalation was largely fueled by geopolitical conflicts, particularly the ongoing Israel-Palestine and Iran-Israel tensions. Hacktivist groups were responsible for 73% of malicious traffic, with government services and critical infrastructure bearing the brunt of the cyber onslaught.
Attack Trends and New Methods
StormWall, which operates dedicated scrubbing centers in the Middle East with over 5 Tbps of filtering capacity, identified major shifts in how attackers operate.
- API-layer attacks rose by 162%
- Probing attacks increased ninefold, signaling that attackers are conducting more reconnaissance before launching large-scale assaults.
- HTTP floods accounted for 48% of all API-targeting methods, powered by botnets of nearly 140,000 compromised devices.
Unlike traditional DDoS floods, API attacks now require 88% less traffic to disrupt services, averaging just 4.7 Gbps—making them harder to detect and mitigate.
Sectors Most Targeted
The financial sector remained the top target in Q2 2025, accounting for 38% of attacks, a 26% year-over-year increase.
- Government services: 16% of all attacks (53% increase)
- Telecommunications: 14% of total attacks
These industries face rising risks as attackers continue to refine methods that bypass traditional defenses.
Geographic Hotspots
From a national perspective, Saudi Arabia was the most targeted country, accounting for 22% of all regional attacks.
- Israel: share rose from 11% in Q1 to 19% in Q2 2025
- Iran: attacks increased from 16% to 17%
This data reflects shifting priorities of hacktivist groups aligned with regional political flashpoints.
Expert Insight
“Attackers used to rely on raw traffic volume, but now they focus on precision-targeted API attacks,” explained Ramil Khantimirov, Founder of StormWall. “These methods require far less bandwidth yet cause the same or greater disruption. Organizations must review and strengthen DDoS defenses to stay resilient.”
