NETSCOUT: AI Supercharges DDoS Threats Globally

Distributed Denial-of-Service (DDoS) attacks are malicious cyberattacks that overwhelm a targeted system, like a website or network, with a flood of internet traffic, rendering it unavailable to legitimate users.
These have long been a threat to the digital world.
However, new research from NETSCOUT reveals that the threat has not only endured ā it has evolved.
In its 1H2025 DDoS Threat Intelligence Report, it finds that DDoS attacks continue to dominate the cyber landscape, driven by AI, emboldened hacktivists and nation-state actors who continually weaponise these methods to destabilise critical infrastructure on a global scale.
What are hacktivists?
Hacktivists are actors who gain unauthorised access to computer files or networks in order to further social or political ends.
Unlike traditional cybercriminals motivated by financial gain, hacktivists aim to raise awareness, protest perceived injustices or push for social change.
Their tactics include disrupting services through DDoS attacks, defacing websites, leaking sensitive information or hijacking social media accounts.
Their actions blur the line between activism and cybercrime, making them significant players in today’s digital landscape.
NoName057(16) is a prominent hacktivist group known for orchestrating large-scale, coordinated DDoS attacks, primarily targeting governments and critical sectors across.
In 2025, the group claimed over 475 attacks in March alone, far surpassing the activity of any other similar group.
The gravity of DDoS attacks
DDoS attacks were once used as cybercrime tactics, but they have evolved into precise and strategic digital weapons.
In the first half of 2025 alone, NETSCOUT recorded more than 8 million DDoS attacks globally, with in excess of 3.2 million in the EMEA region alone.
These figures emphasise the persistence of DDoS as a method of attack — but only scratch the surface of what’s changed.
One significant shift is in the scale and sophistication of attacks.
NETSCOUT observed more than 50 attacks exceeding a terabit per second (Tbps), including a record-breaking 3.12Tbps event in the Netherlands.
This volume of digital bombardment is now coupled with technical complexity. Multi-vector attacks, carpet-bombing tactics and automation powered by AI make traditional defences increasingly obsolete.
“As hacktivist groups leverage more automation, shared infrastructure and evolving tactics, organisations must recognise that traditional defences are no longer sufficient,” says Richard Hummel, NETSCOUT’s Director of Threat Intelligence.
āThe integration of AI assistants and the use of LLMs, such as WormGPT and FraudGPT, escalates that concern.
āAnd, while the recent takedown of NoName057(16) was successful in temporarily reducing the groupās DDoS botnet activities, preventing a future return to the top DDoS hacktivist threat is not guaranteed.
āOrganisations need intelligence-driven, proven DDoS defences that can deal with the sophisticated attacks we see today.ā
Democratising DDoS
In the past, launching a DDoS attack required technical skill, but the rise of DDoS-for-hire services has thrown open the doors to a much wider range of threat actors.
Even novice attackers can now orchestrate devastating campaigns, while sophisticated players leverage botnets consisting of tens of thousands of compromised IoT devices, servers and routers.
This democratisation has transformed DDoS into a cost-effective weapon for hacktivists and geopolitical actors.
For example, during the 2025 India-Pakistan and Iran-Israel conflicts, coordinated DDoS attacks crippled government and financial sectors, demonstrating the strategic use of DDoS as a tool of modern cyberwarfare.
In June alone, more than 15,000 attacks targeted Iran, with nearly 300 striking Israel.
AI: Supercharging attackers
While DDoS-as-a-service lowers the entry bar, AI is amplifying the impact.
Attackers are increasingly using aforementioned LLMs like WormGPT and FraudGPT to generate scripts, automate reconnaissance and devise novel offensive strategies.
AI-enhanced automation makes it possible to scale attacks, evade detection and adapt to evolving network defences in real time.
NETSCOUT’s message
The message from NETSCOUT’s findings is clear: DDoS is not going away and traditional defences are no longer sufficient. Attackers innovate faster than defenders adapt.
Only intelligence-driven, adaptive protection stands a chance against today’s industrial-scale, AI-driven DDoS campaigns.
For organisations and service providers, this means investing in advanced threat intelligence, deep-packet inspection and automated response capabilities that can match attacker speed and sophistication.
With global traffic surpassing 800Tbps and threat actors multiplying, defending the digital frontier is becoming the defining security challenge of our era.



