NETSCOUT Systems has released its 2025 Distributed Denial-of-Service (DDoS) Threat Intelligence Report, providing insights into the evolving DDoS landscape. The report highlights significant increases in both the scale and complexity of attacks worldwide.
DDoS activity reached unprecedented levels, with more than eight million attacks recorded globally. Some attacks peaked at 30 terabits per second, reflecting a marked rise in coordinated threat activity. The growth of DDoS-for-hire services has expanded the range of threat actors, increasing digital risk for organisations across sectors.
Security professionals face challenges beyond volumetric attacks, including reconnaissance, adaptive evasion, and pressures on traditional defence strategies. Organisations are adopting intelligent, autonomous defences to reduce the risk of operational disruption.
Key findings include:
- Massive global scale: More than eight million attacks were recorded across 203 countries and territories.
- Multi-vector tactics: Approximately 42% of attacks used two to five distinct attack vectors, often adapting dynamically during incidents.
- Impact on broadband and mobile services: Direct-path attacks exploited IoT and customer-premises equipment, producing outbound floods exceeding 1 Tbps.
- Targeting critical infrastructure: High-value services such as NTP and DNS experienced sustained attack pressure, highlighting the need for resilient, distributed architectures.
- Collaboration among threat actors: Over 20,000 botnet-driven attacks in July 2025 demonstrated the potential of coordinated activity.
Role of artificial intelligence: AI has become increasingly involved, with dark web activity accelerating vulnerability exploitation. Underground forums documented a 219% increase in mentions of malicious AI tools in 2025.
NETSCOUT monitors over two-thirds of the routed IPv4 space, providing visibility into global attack trends and supporting ongoing mitigation efforts. This enables organisations to access timely intelligence and better understand evolving DDoS threats.
