NETSCOUT has revealed a sharp increase in the scale and sophistication of distributed denial-of-service (DDoS) attacks, with more than eight million attacks recorded globally in the second half of 2025, according to its latest DDoS Threat Intelligence Report. The company said the threat landscape is being reshaped by coordinated botnets, AI-enabled tools, and persistent hacktivist groups, creating new risks for enterprises and critical infrastructure.
The report found that attackers are no longer relying only on high-volume traffic floods, but are using multi-vector and adaptive techniques that make attacks harder to detect and mitigate. Around 42% of attacks used multiple vectors simultaneously, while some changed behavior during execution to bypass traditional defenses. NETSCOUT also observed attacks reaching extreme scale, with some exceeding 30 terabits per second, highlighting the growing capacity of modern botnets.
Researchers noted that compromised IoT devices and customer-premises equipment are increasingly being used to generate outbound traffic floods, sometimes exceeding 1 Tbps, creating operational and reputational risks for broadband and mobile service providers. Critical internet services such as DNS and NTP infrastructure continue to face sustained attack pressure, making resilient and distributed architectures essential for maintaining service availability.
The report also points to growing collaboration among threat actors. In one instance, more than 20,000 botnet-driven attacks were recorded in a single month, targeting sectors such as government, finance, and transportation. Despite law-enforcement efforts to shut down DDoS-for-hire platforms, hacktivist groups and underground networks remain active and continue to evolve their tactics.
AI is playing an increasing role in this shift. NETSCOUT said large language models and automated tools available on underground forums are helping attackers identify vulnerabilities faster, expand botnets, and coordinate campaigns more efficiently. Mentions of malicious AI tools on dark-web forums rose sharply, indicating wider adoption among cybercriminal groups.
According to NETSCOUT, organizations must move beyond traditional defenses and adopt automated, intelligence-driven protection strategies, as the scale, speed, and coordination of modern DDoS attacks now pose a significant business risk rather than just a technical challenge.