DDoS-Capable Botnets
In the second half of 2025, the number of DDoS-capable botnet nodes totaled 1,217,959.
These nodes have been instrumental in launching both direct-path and reflection/amplification attacks against enterprises and service providers worldwide. Persistent threat groups such as NoName057(16) remain active. They continue to enhance their capabilities by employing malware families such as Mirai, exploiting open proxy servers, leveraging public cloud infrastructure, utilizing bulletproof hosting providers, and employing reflection and amplification techniques to increase the volume and impact of their attacks. These evolving tactics make it increasingly challenging for defenders to protect against these sophisticated threats.
Enterprise
62,236
Security Related Events
253,486
Bots Targeted the Enterprise
142
Average Packets Per Bot Node
Enterprise Top 5
Source Countries
-
China
-
Brazil
-
India
-
Russia
-
Vietnam
Targeted Countries
-
Brazil
-
Vietnam
-
South Korea
-
Indonesia
-
United States
Targeted Industries
-
Wireless Telecommunications Carriers (except Satellite)
-
Wired Telecommunications Carriers
-
All Other Telecommunications
-
Commercial Banking
-
Computing Infrastructure Providers Data Processing Web Hosting and Related Services
Service Provider
774,275
DDoS Attacks
402,105
Bots targeted the Service Provider
25
Max Vector Count in a Botnet Attack
Service Provider Top 5
Source Countries
-
Brazil
-
Russia
-
China
-
United States
-
Thailand
Targeted Countries
-
Vietnam
-
Peru
-
South Korea
-
United States
-
United States
Targeted Industries
-
Wired Telecommunications Carriers
-
Wireless Telecommunications Carriers (except Satellite)
-
Computing Infrastructure Providers Data Processing Web Hosting and Related Services
-
Media Streaming Distribution Services Social Networks and Other Media Networks and Content Providers
-
Grantmaking Foundations
