Netscout insights: DDoS attacks are dominating the cyber threat landscape

Netscout has today released its latest research detailing how rapidly the distributed denial-of-service (DDoS) attack landscape is evolving.

Having monitored more than eight million DDoS attacks globally in the first half of 2025, including more than 3.2 million in EMEA, the organisation finds that DDoS attacks have “evolved into precision-guided weapons of geopolitical influence capable of destabilising critical infrastructure”.

DDoS attacks are a type of cyberattack designed to force a website, computer or online service offline. This is achieved by flooding the target with many requests so that they are unable to respond.

Through its new research, Netscout reveals that AI integration, persistent hacktivist campaigns and nation-state actors weaponise DDoS attacks, therefore creating unprecedented risks for organisations globally.

“As hacktivist groups leverage more automation, shared infrastructure and evolving tactics, organisations must recognise that traditional defences are no longer sufficient,” said Richard Hummel, director, threat intelligence at NETSCOUT. “The integration of AI assistants² and the use of large language models (LLMs), such as WormGPT and FraudGPT, escalates that concern.

“And, while the recent takedown of NoName057(16) was successful in temporarily reducing the group’s DDoS botnet activities, preventing a future return to the top DDoS hacktivist threat is not guaranteed. Organisations need intelligence-driven, proven DDoS defences that can deal with the sophisticated attacks we see today.”

Hacktivist groups like NoName057(16) have orchestrated hundreds of coordinated strikes each month, targeting communications, transportation, energy and defence sectors. In fact, NoName057(16) claimed responsibility for more than 475 attacks in March 2025, Netscout says, 337% more than the next most active group as it targeted government websites in Spain, Taiwan and Ukraine.

As part of its research, Netscout observed more than 50 attacks greater than a terabit-per-second (Tbps) and multiple gigapacket-per-second (Gpps) attacks in the first half of 2025. Additionally, it found that botnet-driven attacks – attacks where bots carry out attacks – became more sophisticated, with more than 880 occurring daily in March, peaking at 1,600 incidents, with attack durations increasing to an average of 18 minutes.

Cyberattacks continue to become more of a threat the midst of geopolitical tensions and advancements in technology.

Recently in the telecommunications sector, several key companies have been at the receiving end of a cyberattack – including Colt, Bouygues Telecom, SK Telecom and Orange.

“AI-enhanced automation, multi-vector attacks and carpet-bombing techniques challenge traditional defences. Botnets compromised tens of thousands of IoT devices, servers and routers, delivering sustained attacks and causing significant disruption,” the report said.

“While each of these elements is dangerous on its own, in aggregate, they have formed the perfect storm, creating unprecedented cyber risk for organisations and service provider networks around the world.”

How Synechron is using AI to help businesses protect against cyber threats

AI now lies, denies, and plots: OpenAI’s o1 model caught attempting self-replication