Digital Aftershocks: Collateral Damage from DDoS Attacks

The NETSCOUT DDoS Threat Intelligence Report presents a succinct and research-driven analysis of the dynamic distributed denial-of-service (DDoS) attack and defense landscape. Intended to swiftly provide readers with actionable intelligence, the report offers critical insights essential for ongoing network management and strategic planning.

Organizations can no longer rely on reactive defenses against adversaries that adapt more rapidly than security teams can respond. The integration of artificial intelligence (AI), the persistence of botnets that swiftly regroup after takedowns, and the exploitation of known vulnerabilities conspire to create a confluence of cyber risk.

The following is a look at the highlights and key findings from the latest report.

Global Trends

• 8 million + DDoS attacks
• Highest throughput attack: 1.5Gpps
• Highest bandwidth attack: 3.12Tbps

Geopolitical Events Trigger Unprecedented DDoS

Campaigns

Major political events catalyzed massive attack spikes: During January’s World Economic Forum in Switzerland this year, we saw more than 1,400 attacks (double normal rates when compared with similar time periods in December 2024); Italy faced sustained targeting during political discussions; the India-Pakistan conflict saw hacktivist groups such as SYLHET GANG-SG and Keymous+ target Indian government and financial sectors; and the Iran-Israel conflict generated more than 15,000 attacks against Iran versus 279 against Israel.

Botnet-Driven Attacks Dominate with Increased

Sophistication

March 2025 averaged 880 bot-driven DDoS attacks daily, peaking at 1,600 incidents. Attack durations increased to an average of 18 minutes and 24 seconds, with threat actors employing complex multivector combinations and exploiting known vulnerabilities in Internet of Things (IoT) devices, servers, and routers.

NoName057(16) Maintains Dominance Among

Familiar Threat Actors

The hacktivist group NoName057(16) claimed more than 475 attacks in March alone, 337 percent more than the next most active group, targeting government websites in Spain, Taiwan, and Ukraine with TCP ACK floods, TCP SYN floods, and HTTP/2 POST requests.

New Threat Actors Emerge with DDoS-as-a-Service

Capabilities

DieNet orchestrated more than 60 attacks since March 2025, while Keymous+ confirmed 73 attacks across 28 industry sectors in 23 countries. Both groups leverage shared DDoS-for-hire infrastructure, lowering barriers to entry and expanding the threat landscape.

Conclusion

The relentless evolution of DDoS threats necessitates equally sophisticated defenses. NETSCOUT’s comprehensive protection ecosystem provides the multilayered defense required in today’s threat landscape.

NETSCOUT’s Arbor DDoS Protection utilizes AI to counter AI-enhanced attacks, while the AI-powered ATLAS Intelligence Feed delivers real-time threat data gathered from defending two-thirds of the global IPv4 address space. As DDoS solidifies its role as a primary cyberweapon, organizations must adopt proactive, intelligence-driven strategies powered by proven solutions that consistently outpace attackers.

Check out NETSCOUT’s latest DDoS Threat Intelligence Report today.