A new cybersecurity report has warned that distributed denial-of-service attacks are growing in scale and complexity, with millions of incidents recorded worldwide in the second half of 2025.
NETSCOUT Systems has released its DDoS Threat Intelligence Report for the period, revealing a sharp rise in large, coordinated cyberattacks carried out by sophisticated threat actors, resilient botnets and networks of compromised internet-connected devices.
According to the report, more than eight million distributed denial-of-service (DDoS) attacks were detected across 203 countries and territories during the six-month period. Some incidents reached record levels, peaking at 30 terabits per second. Researchers say the scale of these attacks signals a new stage in global cyber threats that continues to challenge organisations trying to defend their networks.
The company also highlighted the expansion of so-called DDoS-for-hire services. These platforms allow individuals with limited technical knowledge to pay for cyberattacks, lowering the barrier for criminals and increasing the number of potential attackers targeting businesses and public institutions.
Security experts warn that this shift is raising the risk for companies that depend on digital infrastructure. Alongside the increase in attack numbers, the report says threat actors are using reconnaissance tactics and adaptive techniques designed to bypass traditional security systems.
Richard Hummel, director of threat intelligence at NETSCOUT, said attackers are increasingly identifying organisations with weak protection and targeting them in coordinated campaigns.
“Threat actors identify organizations that haven’t invested in the right defenses to stay ahead of sophisticated and coordinated DDoS attacks to take down critical infrastructure,” he said. Hummel added that older security systems are proving less effective as attackers push the limits of size and complexity.
Researchers observed that many cyberattacks now use several techniques at once. About 42 per cent of incidents combined two to five different attack methods, with some changing tactics during the assault in order to make detection and mitigation more difficult.
The report also points to large volumes of malicious traffic coming from compromised Internet of Things (IoT) devices and customer-premises equipment. In some cases, the traffic generated by these networks exceeded one terabit per second, creating the potential for service disruption and reputational damage for internet service providers.
Essential internet services such as Network Time Protocol (NTP) and Domain Name System (DNS) infrastructure were frequently targeted, highlighting the importance of resilient systems that can maintain operations during heavy traffic surges.
Researchers also noted increased cooperation among cybercriminal groups. In July 2025 alone, more than 20,000 botnet-driven attacks were recorded. These coordinated campaigns can overwhelm defences and disrupt sectors such as government, finance and transport.
The report warns that artificial intelligence is also beginning to play a role in cybercrime. Discussions about malicious AI tools on underground forums have increased sharply, and some threat actors are using large language models to help exploit vulnerabilities and expand botnets.
NETSCOUT said its analysis is based on direct monitoring of global internet traffic through its infrastructure, which observes a large share of the routed IPv4 internet and recorded peak network traffic of more than 800 terabits per second during the reporting period.