Unmasking the Swarm: The Evolving Tactics of Botnet-Driven DDoS Attacks

DDoS Threat Intelligence Report

Issue 16: Findings from 2H 2025

  • 8 Million + DDoS attacks
  • Download report for exclusive insights
  • Explore in-depth analysis
Download Report

Download the Report

Explore DDoS attack stats, trends, and impacts.

Key Findings

1

Global Scale and Peaks

The global DDoS landscape is still expanding with attack counts surpassing 8 million, across 203 countries, with some attacks reaching 30 Tbps in size. Massive DDoS attacks show how important it is for organizations to plan for extreme-scale events to maintain availability.
2

IoT Botnets and Outbound Risk

In 2025, large-scale direct-path attacks, many linked to the Eleven11 (RapperBot) botnet, which drove over 3,600 high-volume DDoS events since 2021, demonstrated that compromised IoT and customer-premise equipment can generate outbound floods greater than 1 Tbps, creating serious availability, reputational, and liability risks for broadband and mobile providers.
3

AI-Enhanced DDoS-for-Hire

DDoS-for-hire services are leveraging conversational AI and illicit LLM tools to let unskilled actors launch sophisticated multi-vector attacks via simple prompts, accelerating exploitation and botnet growth and forcing enterprises to bolster automated detection and mitigation.
4

Threat Actors Collaborate and Scale Up

Large-scale coordinated botnet attacks show how collaborating threat groups can overwhelm defenses across critical sectors, with partnerships dramatically increasing attack bandwidth by nearly 4x and highlighting how quickly adversaries can scale.
5

The Need for Protecting Critical Internet Infrastructure

High-value infrastructure services such as NTP and DNS remain under sustained attack pressure, reinforcing the need for resilient, globally distributed architectures. Despite continuous targeting, DNS root servers maintained high availability, demonstrating the effectiveness of well-designed defenses.

Executive Summary

Between July and December 2025, NETSCOUT® ATLAS telemetry recorded more than 8 million DDoS attacks worldwide. While overall attack volume remained steady, the reality beneath the numbers tells a different story: DDoS threats have fundamentally evolved.

Attackers demonstrated record-breaking capacity, integrated AI into operations, and continued targeting critical infrastructure and high-value sectors, despite global law enforcement takedowns.

This latest NETSCOUT DDoS Threat Intelligence Report reveals:

  • 30 Tbps and 4 Gpps peak attack demonstrations powered by advanced IoT botnets
  • AI-driven DDoS operations and dark-web LLMs move from emerging trend to operational reality
  • Persistent hacktivist and botnet activity, even after major platform disruptions
  • Sustained pressure on DNS root servers and NTP infrastructure
  • Heavy targeting of government, financial services, telecom, transportation, and hospitality

The second half of 2025 marks more than an escalation. It signals a shift in who can launch sophisticated attacks, how quickly they adapt, and the scale of impact now possible.

Download the full report to explore the latest DDoS threats with expert insights into the current attack landscape.

In-Depth Analysis

DDoS-Capable
Botnets

Country
Analysis

DDoS Attack
Vectors

Global
Highlights

Industry
Analysis

In-Depth Regional Analysis

APAC
LATAM
EMEA
NAMER
Download the full report for exclusive insights Download Report

Download the Report

Explore DDoS attack stats, trends, and impacts.