DDoS Takes Center Stage on the Global Threat Landscape

Highlights from NETSCOUT DDoS Threat Intelligence Report Issue 12

DDoS Center Stage Global Threat Landscape

NETSCOUT’s biannual DDoS Threat Intelligence Report dissects trends and attack methodologies adversaries use against service providers, enterprises, and end users. The information cited in the report is gathered from NETSCOUT’s unparalleled internet visibility at a global scale, collecting, analyzing, prioritizing, and disseminating data on DDoS attacks. The following are a few of the key findings from the latest report.

Global Highlights

  • Visibility into 500 terabits per second (Tbps) of internet traffic across 214 countries, 456 industry verticals, and 13,005 autonomous system numbers
  • 13,142,840 observed DDoS attacks in 2023
  • Largest DDoS attack 1.1Tbps targeting Germany


The rise of tech-savvy and politically motivated distributed denial-of-service (DDoS) hacktivism that transcends geographic borders, as exemplified by groups such as NoName057(16) and Anonymous Sudan in 2023, signifies a distinct shift in the global cybersecurity landscape. These groups demonstrate not only advanced technical prowess but also the ability to harness such skills for varied political agendas. This trend marks a new era in cyberattacks,   profoundly impacting networks and organizations worldwide.

Claimed Threat Activity Over Time (2H 2023)
Claimed Threat Activity Over Time (2H 2023)


Beneath the surface of normal internet traffic, analysis reveals a growing infection of DDoS attacks targeting authoritative and recursive Domain Name System (DNS) servers, the unsung heroes of the internet’s infrastructure. From groups such as Lazarus Bear Armada (LBA) in 2019 to more successful operations run by Anonymous Sudan, DNS query floods can cause a domino effect,   knocking systems offline that serve hundreds to thousands of websites.

DNS Query Floods Targeting DNS Infrastructure (2H 2023)
DNS Query Floods Targeting DNS Infrastructure (2H 2023)


A “sophistication gap” in DDoS attacks is becoming increasingly evident. On one end, advanced attackers employ custom tools and cloud infrastructure; on the other, some still use basic, often free services. This disparity demands quick and targeted responses to effectively safeguard against these evolving cyber threats. NETSCOUT’s ASERT provides expert advice on how to detect and mitigate advanced DDoS attacks.

Explore the full NETSCOUT DDoS Threat Intelligence Report with interactive graphs and additional resources today.