NETSCOUT Report Highlights Rising Sophistication and Scale of Global DDoS Attacks

NETSCOUT Report Highlights Rising Sophistication and Scale of Global DDoS Attacks

Bengaluru, Mar 5: NETSCOUT Systems, Inc. has released its DDoS Threat Intelligence Report for the second half of 2025, revealing significant shifts in the scale, sophistication, and coordination of Distributed Denial-of-Service (DDoS) attacks worldwide. According to the report, more than eight million DDoS attacks were recorded across 203 countries and territories, with some attacks reaching sizes of up to 30 terabits per second (Tbps).

The findings indicate a new era of hyper-scale cyber threats driven by AI adoption, coordinated botnets, and persistent hacktivist groups. The rapid growth of DDoS-for-hire services is also enabling a wider range of threat actors to launch complex attacks, increasing operational risks for digitally connected enterprises and organizations.

Security experts warn that the implications extend beyond large-scale traffic floods. Attackers are now leveraging reconnaissance techniques and adaptive evasion strategies, challenging traditional security defenses and requiring organizations to adopt intelligent and automated protection systems.

“Threat actors actively target organizations that lack advanced defenses to withstand sophisticated and coordinated DDoS attacks that can disrupt critical infrastructure,” said Richard Hummel, Director of Threat Intelligence at NETSCOUT. “Traditional security measures are no longer sufficient. As attack size and complexity reach new levels, automated and proactive defenses are now essential business safeguards rather than just technical tools.”

Key Findings from the Report

• Massive Global Attack Volume: Over eight million DDoS attacks were detected across 203 countries and territories in the second half of 2025.

• Multi-Vector Attack Strategies: Around 42% of attacks involved two to five attack vectors, with some dynamically adapting during the attack to evade detection.

• Impact on Broadband and Mobile Providers: Compromised IoT devices and customer-premises equipment generated outbound traffic floods exceeding 1 Tbps, posing risks for service providers.

• Critical Infrastructure Targeted: High-value services such as NTP and DNS systems continue to experience sustained attack pressure, emphasizing the need for resilient network architectures.

• Growing Threat Actor Collaboration: A surge of more than 20,000 botnet-driven attacks in July 2025 demonstrated how coordinated campaigns can overwhelm defenses and disrupt government, finance, and transportation systems.

• Persistent Hacktivist Activity: Despite international efforts to dismantle DDoS-for-hire platforms, hacktivist groups and botnet operators continue to operate and evolve.

• AI-Driven Threat Expansion: The report highlights a 219% increase in discussions of malicious AI tools across underground forums, with threat actors using large language models (LLMs) to accelerate vulnerability discovery and botnet expansion.

NETSCOUT monitors the global DDoS landscape through passive internet vantage points, offering deep visibility into attack trends. For more than 15 years, the company has provided intelligence based on directly observed attack traffic, ensuring consistent and verifiable analysis.

The company currently protects two-thirds of the routed IPv4 internet, securing network edges that carried peak global traffic of over 800 Tbps during the second half of 2025. Its monitoring infrastructure spans 376 industry sectors and 12,698 Autonomous System Numbers (ASNs), enabling the detection of tens of thousands of DDoS attacks daily.

Resources

• Download the NETSCOUT DDoS Threat Intelligence Report H2 2025

• View real-time attack insights on the NETSCOUT Cyber Threat Horizon platform