A new report from cybersecurity firm NETSCOUT shows that a record over eight million global DDoS attacks were launched in H1 2025, with attackers timing assaults to coincide with major political events and cause maximum chaos.
Nation-states and hacktivist groups are now routinely using DDoS attacks to cripple essential services like communications, transport, and energy. The report shines a light on a disturbing trend: major international events are now prime targets.
When the World Economic Forum convened in January, for example, Switzerland was hit with over 1,400 attacks, roughly double the usual rate. This digital siege was led by notorious groups like NoName057(16), who are known for launching hundreds of coordinated strikes a month.
Europe, the Middle East, and Africa have been in the eye of the storm, weathering 3.2 million of these attacks. NETSCOUT tracked more than 50 attacks that broke the one terabit-per-second barrier, with one attack in the Netherlands peaking at 3.12 Tbps. These global DDoS attacks are overwhelming floods of data designed to bring down even the most fortified online services.
What’s feeding this fire is the frighteningly easy access to attack tools. DDoS-for-hire services, readily available on the dark web, have put powerful cyberweapons into the hands of anyone with a grievance and a little cryptocurrency. This has allowed even rookie attackers to launch sophisticated campaigns.
These threat actors are upgrading their arsenals with AI-driven automation and “carpet-bombing” techniques that make traditional defences look increasingly obsolete. It’s a perfect storm of factors that has created a new level of cyber risk.
The engine room for these global DDoS attacks is a sprawling network of botnets—tens of thousands of hijacked IoT devices, servers, and routers working in unison. These zombie networks can sustain attacks for an average of over 18 minutes, more than enough time to inflict serious operational and financial harm. In March, the situation grew even more intense, with an average of 880 bot-driven attacks every single day, and on one day, that number spiked to 1,600.
The line connecting global politics to cyberattacks has never been sharper. The recent conflict between Iran and Israel quickly spilled into cyberspace with over 15,000 attacks on Iranian networks, while Israel faced 279. As the report points out, “nearly all 15,000 attacks on Iran were observed from networks outside Iran. This is consistent with the nature of all DDoS attacks, where untargeted networks bear the burden of carrying DDoS attack traffic regardless of the target’s status.”
Meanwhile, the hacktivist group NoName057(16) continues to dominate the scene. In March alone, they claimed over 475 global DDoS attacks – 337% more than their closest rival – and hit government websites in Spain, Taiwan, and Ukraine.
And new threats are constantly emerging. A group called DieNet surfaced in March and has already launched over 60 attacks on critical infrastructure using rented DDoS services. Another newcomer, Keymous+, has hit 73 targets across 28 different industries in 23 countries, showing just how fast the threat is growing and spreading.
Richard Hummel, Director of Threat Intelligence at NETSCOUT, said: “As hacktivist groups leverage more automation, shared infrastructure, and evolving tactics, organisations must recognise that traditional defences are no longer sufficient.
“The integration of AI assistants and the use of large language models, such as WormGPT and FraudGPT, escalates that concern. And, while the recent takedown of NoName057(16) was successful in temporarily reducing the group’s DDoS botnet activities, preventing a future return to the top DDoS hacktivist threat is not guaranteed.”
As DDoS attacks become a standard feature of modern global conflict, we need more proactive defence. Without a clear view of the threats in real-time, it’s not just the direct targets that are at risk; any organisation can become collateral damage.
See also: Europe must adapt to Russia’s hybrid cyber war
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
👇Follow more 👇
👉 bdphone.com
👉 ultractivation.com
👉 trainingreferral.com
👉 shaplafood.com
👉 bangladeshi.help
👉 www.forexdhaka.com
👉 uncommunication.com
👉 ultra-sim.com
👉 forexdhaka.com
👉 ultrafxfund.com
👉 bdphoneonline.com
👉 dailyadvice.us