DDoS-Capable Botnets
In the first half of 2025, the number of DDoS-capable botnet nodes totaled 1,207,640.
These nodes have been instrumental in launching both direct-path and reflection/amplification attacks against enterprises and service providers worldwide. Persistent threat groups such as NoName057(16) remain active. They continue to enhance their capabilities by employing malware families such as Mirai, exploiting open proxy servers, leveraging public cloud infrastructure, utilizing bulletproof hosting providers, and employing reflection and amplification techniques to increase the volume and impact of their attacks. These evolving tactics make it increasingly challenging for defenders to protect against these sophisticated threats.
Enterprise
307,146
Security Related Events
1,091,003
Bots Targeted the Enterprise
174
Average Packets Per Bot Node
Enterprise Top 5
Source Countries
-
China
-
India
-
United States
-
Russia
-
Vietnam
Targeted Countries
-
Brazil
-
Brazil
-
Vietnam
-
Nicaragua
-
Saudi Arabia
Targeted Industries
-
Wireless Telecommunications Carriers (except Satellite)
-
Plumbing Heating and Air-Conditioning Contractors
-
Wired Telecommunications Carriers
-
Educational Support Services
-
Software Publishers
Service Provider
345,740
Number of ddos attacks
370,989
number of bots
27
max vector count in a single attack
Service Provider Top 5
Source Countries
-
China
-
India
-
Russia
-
United States
-
Brazil
Targeted Countries
-
United States
-
China
-
Netherlands
-
Vietnam
-
Chile
Targeted Industries
-
Computing Infrastructure Providers Data Processing Web Hosting and Related Services
-
Wired Telecommunications Carriers
-
Wireless Telecommunications Carriers (except Satellite)
-
All Other Telecommunications
-
Insurance Agencies and Brokerages
