DDoS attacks function as tools for political influence and disruption.

In the first half of 2025, there were 8,062,971 DDoS attacks globally, with the EMEA region experiencing the highest volume at 3.2 million attacks, according to Netscout. Peak attack speeds reached an alarming 3.12 Tbps and 1.5 Gpps. These attacks have evolved from mere disruption tools into precise instruments of geopolitical influence, capable of targeting critical infrastructure during sensitive moments. Major political events have been significant catalysts for these spikes in attacks. For instance, during the World Economic Forum, Switzerland recorded over 1,400 attacks, which is double the normal rate for similar periods in December. Italy also faced sustained targeting amid political discussions, while the India-Pakistan conflict saw hacktivist groups like SYLHET GANG-SG and Keymous+ targeting Indian government and financial sectors. In the Iran-Israel conflict, Iran endured over 15,000 attacks, compared to just 279 against Israel.

The surge in DDoS attacks is largely driven by the increasing accessibility of attack tools. Readily available DDoS-for-hire services have lowered the barriers to entry, enabling even novice actors to launch sophisticated campaigns. This ease of access is further enhanced by new technologies, including AI-driven automation, multi-vector attacks, and carpet-bombing techniques that can easily overwhelm traditional defences. In March 2025 alone, attackers executed over 27,000 botnet-driven DDoS attacks, relying on previously known vulnerabilities to conduct longer-lasting campaigns. The month saw an average of 880 bot-driven DDoS attacks per day, peaking at 1,600 incidents. Attack durations also increased, averaging 18 minutes and 24 seconds, with threat actors employing complex multi-vector strategies and exploiting vulnerabilities in IoT devices. The hacktivist group NoName057 continued to dominate in both claimed operations and actual attack activity, primarily targeting government websites in Spain, Taiwan, and Ukraine. Meanwhile, the newly formed hacktivist group DieNet orchestrated over 60 DDoS attacks against critical infrastructure, including U.S. transit systems and Iraqi government websites. Richard Hummel, Director of Threat Intelligence at Netscout, emphasised that as hacktivist groups leverage more automation and evolving tactics, organisations must recognise that traditional defences are no longer sufficient. 

Categories: DDoS Attack Trends, Geopolitical Influences, Hacktivism and Automation 

Tags: DDoS Attacks, EMEA, Geopolitical Influence, Critical Infrastructure, Hacktivist Groups, Botnets, Automation, Multi-Vector Attacks, Vulnerabilities, AI Assistants