NETSCOUT Report Flags Surge in Sophisticated DDoS Attacks Driven by AI, Botnets
According to the company’s DDoS Threat Intelligence Report for the second half of 2025, more than eight million DDoS attacks were recorded across 203 countries and territories, with some attacks reaching volumes as high as 30 terabits per second (Tbps).
More than 8 million attacks recorded across 203 countries in second half of 2025
Bengaluru: Cybersecurity firm NETSCOUT Systems has reported a sharp rise in the scale and sophistication of distributed denial-of-service (DDoS) attacks globally, driven by coordinated botnets, expanding attack infrastructure, and the growing use of artificial intelligence by threat actors.
The report indicates that attackers are increasingly collaborating and leveraging compromised internet-of-things devices, automated attack tools, and DDoS-for-hire services, creating a new phase of hyper-scale cyber threat activity.
Richard Hummel said organizations that fail to adopt advanced cyber defenses risk serious operational disruption as attack complexity continues to increase.
“Threat actors identify organizations that haven’t invested in the right defenses to stay ahead of sophisticated and coordinated DDoS attacks to take down critical infrastructure,” Hummel said.
Multi-vector attacks rising
One of the most significant trends highlighted in the report is the growing use of multi-vector attack strategies, where attackers deploy multiple techniques simultaneously to evade detection.
About 42 percent of attacks used two to five distinct attack vectors, with some attacks dynamically changing techniques during execution to bypass mitigation systems.
The report also warns that compromised internet-of-things devices and customer-premises equipment are increasingly being used to launch high-volume outbound traffic floods, sometimes exceeding 1 Tbps, posing operational and reputational risks for broadband and mobile service providers.
Critical infrastructure under pressure
Critical internet services such as DNS and Network Time Protocol (NTP) systems continue to face sustained attack pressure, underscoring the importance of resilient network architectures and distributed defenses.
Researchers also recorded more than 20,000 botnet-driven attacks in July 2025 alone, demonstrating how coordinated threat activity can rapidly overwhelm network defenses and disrupt government, financial, and transportation systems.
AI accelerating cybercrime
The report highlights the growing use of artificial intelligence tools in cybercrime operations. Discussions of malicious AI tools on underground forums increased by 219 percent, indicating rapid adoption of AI technologies by threat actors.
Large language models are being used to automate vulnerability discovery, accelerate exploit development, and expand botnet operations, allowing attackers to scale their campaigns more efficiently.
Despite law enforcement actions targeting DDoS-for-hire platforms, hacktivist groups and botnet operators remain active and resilient, researchers said.
Global visibility into attack landscape
NETSCOUT monitors internet traffic through passive observation points across global networks, enabling direct visibility into attack activity. The company’s monitoring infrastructure protects two-thirds of the routed IPv4 space and tracks thousands of daily DDoS attacks across 376 industry sectors and more than 12,600 autonomous system networks.
The findings highlight the growing operational risks faced by digitally connected organizations as cyber attackers leverage automation, artificial intelligence, and large-scale botnets to launch increasingly complex attacks.
Security experts say the trend underscores the need for organizations to deploy automated, intelligent, and proactive cyber defense systems to keep pace with rapidly evolving threat capabilities.