DDoS Attack Motivations Abound

From cyberwar to cybercrime and espionage to competitive takeout, attacks are on the rise—and getting smarter.

Black background with black and white country flags waiving in wind

Last year saw a huge increase in distributed denial-of-service (DDoS) attacks, with most stemming from the Russian invasion of Ukraine. But they weren’t centered just on Ukraine—they affected dozens of countries and industries, and they haven’t let up in 2023. DDoS attacks have become increasingly common and sophisticated, targeting businesses, organizations, and individuals. An abundance of targets are ripe for exploitation by cybercriminals, and the motivations for these attacks can vary widely. Here are some possible motivations behind DDoS attacks:

  • Extorsion: Some attackers may launch DDoS attacks to demand a ransom payment from the victim in exchange for stopping the attack.
  • Cyberwarfare: Nation-states use DDoS attacks to cripple or deny access to critical infrastructure such as communications, banking, and utilities.
  • Hacktivism: Hacktivists may use DDoS attacks to protest or draw attention to their social or political causes.
  • Revenge: Some attackers may launch DDoS attacks as retaliation against a person, organization, or business that they perceive has wronged them.
  • Competitive advantage: Some attackers may target a competing business or organization to disrupt their services and gain an advantage in the market.
  • Cyberbullying: Some individuals may attack others with DDoS attacks as a form of online bullying or harassment.
  • Espionage: Nation-states may use DDoS attacks to gather intelligence by disrupting or disabling their targets’ networks.
  • Ideological reasons: Some attackers may launch DDoS attacks in support of their ideological beliefs, such as causing harm to companies that they view as unethical or harmful to the environment.

Since we first released our Worldwide Infrastructure Security Report (WISR) in 2005, we’ve seen a tenfold increase in DDoS attacks, and they’ve quickly moved from simple denial-of-service to hybrid application-layer, carpet bombing, and botnet direct-path attacks. Below we take a closer look at a few of the industries and services that found themselves heavily targeted and why they were caught in the crosshairs.

Wireless Telecommunications

Driven in part by the COVID-19 pandemic and the growth of Internet of Things (IoT), 5G wireless to the home, and abundance of mobile devices, the wireless telecommunications industry has become a target of choice for DDoS attackers. An industry that goes from 12.6 million subscribers in 2019 to a projected 1.6 billion by the end of 2023—a 12,720 percent increase in four years—is bound to find itself on the cybercriminals’ radar for the chance to exploit 5G/IoT devices and network access points.

DDoS attacks on this industry have grown 79 percent since 2020, representing 20 percent of all DDoS attacks and putting it second only to wired carriers. In this instance, attackers are most often motivated by underground gambling that occurs with esports or the gaming industry.

Optical Instrument and Lens Manufacturing

Here’s one that might surprise you. This industry saw a 14,137 percent jump in attacks in the second half of 2022 that were directed against countries in Europe, Middle East, and Africa (EMEA). That number came from attacks against just one major optics distributor, and over a four-month period that company received more than 6,000 attacks ranging from 1 Mbps and 1.6 Kpps to 260 Gbps and 42 Mpps. Strangely enough, extensive research didn’t turn up any direct cause for this sustained attack.

In addition to optical instrument and lens manufacturing, officials with the U.S. healthcare system are also expressing serious concerns about the possibility of increased DDoS attacks. For example, on January 31, 2023, the U.S. Department of Health and Human Services Cybersecurity Coordination Center announced that Killnet network hackers successfully stole and publicly shared data from several hospitals.


This diverse industry will undoubtedly continue to be a prime target of DDoS adversaries with the rise in IoT devices. In fact, during the winter of 2022 through April of that year, we observed a large manufacturer fall victim to a major application-layer attack. Over this four-month period, daily countermeasures successfully blocked malformed packets and Transport Layer Security (TLS) abuse, with connections dropping an average of more than 950 billion packets. In prior months, that kind of blocking would happen not daily but over an entire week’s time. The manufacturer was then hit with a ransomware attack that caused it to halt production, which surely was no coincidence. Adversaries most likely sought to extort money with this combination of DDoS and ransomware attacks.

Government and National Security

This one is probably not so surprising—it feels as if these attacks are in the news every day. With the Russian invasion of Ukraine, a 16,815 percent increase in attacks occurred against the U.S. national security sector in the second half of 2022. Analysts pointed to pro-Russian Killnet hackers as the culprits for DDoS attack spikes. We’ve found that Killnet prefers a sledgehammer approach rather than precision strikes, and their victory comes from taking down something with this bludgeoning.

Learn More

The motivations behind DDoS attacks are as diverse as they are frequent, and it’s important to protect your network and remain vigilant. NETSCOUT just released our fifth anniversary DDoS Threat Intelligence Report, “Unveiling the New Threat Landscape,” with findings from the second half of 2022. Take a closer look at the report and examine your current defenses against constantly evolving cyberthreats.

Check out the latest NETSCOUT Threat Intelligence Report.