DDoS: The Next Generation

Key findings from NETSCOUT’s DDoS Threat Intelligence Report Issue 14


Geopolitical conflict continues to drive up the number of distributed denial-of-service (DDoS) attacks, with spikes of up to 1,900 percent in certain areas correlating with political events. Artificial intelligence/machine learning (AI/ML), automation, and the abuse of enterprise-grade infrastructure are making attacks stronger and more agile, so mitigation requires proactive defensive measures. DDoS-for-hire services and carpet-bombing attacks have grown consistently as they have become more accessible. Attackers are also getting better at hiding, leveraging proxies to avoid detection and bypass traditional defenses. The latest issue of NETSCOUT's global DDoS Threat Intelligence Report, “DDoS: The Next Generation,” covers this and much more about current DDoS threats.

Global Trends

The following are just a few of the findings from this latest report:

  • 8,911,312 DDoS attacks: +12.75 percent change over 1H 2024
  • Highest throughput attack: 650.84Mpps
  • Highest bandwidth attack: 995.40Gbps

Geopolitical DDoS Attacks

DDoS as a Political Weapon

Geopolitical events drove massive attack spikes in 2024, with Israel experiencing a 2,843 percent surge (June/July) and Georgia experiencing a 1,489 percent increase during the December elections.

Exploiting Political Instability

Attackers leveraged unrest, triggering a 465 percent rise in Kenya (finance bill protests) and a 218 percent spike in Mexico (elections).

DDoS as a Cyberwarfare Staple

Since 2022, DDoS has become a go-to tool in sociopolitical conflicts, deployed during elections, protests, and policy disputes.

Targeted Political Attacks

NoName057(16) is the dominant actor behind geopolitical DDoS campaigns, focusing on government websites in the United Kingdom, Belgium, and Spain.

Next-Gen DDoS-for-Hire

AI-Driven Precision

Attack platforms now use AI-powered CAPTCHA bypassing, with automation evolving toward behavior mimicry and real-time attack adaptation.

Scalability via Automation

APIs and automation enable multitarget, low-supervision DDoS campaigns, significantly increasing attack efficiency.

Exploiting Infrastructure

Advanced techniques such as carpet-bombing, IPv6 abuse, ISP masking, and geo-spoofing expand attack reach and bypass defenses.

Botnets: The Backbone of DDoS-for-Hire Services

Enterprise-Grade Botnets

Attackers now exploit high-power enterprise servers and routers, intensifying volumetric and application-layer attacks while making remediation difficult due to their role in production environments.

Impact Rises Despite Fewer Nodes

Mirai attacks surged 360 percent in 2024, even as overall botnet populations declined by 5 percent. December takedowns briefly cut attacks, but they rebounded by 81 percent, showcasing botnet resilience.

Takedowns Offer Only Temporary Relief

PowerOFF and similar operations cut botnet nodes by 85 percent overall and 94 percent for Dvinis, but new platforms quickly emerge. Although takedowns may deter casual users, they fail to reduce long-term DDoS activity in any measurable way.

Carpet-Bombing

Precision Targeting

Attackers focused on CIDR blocks smaller than the advertised autonomous system (AS) network ranges, primarily targeting /24 CIDR blocks, aligning with default DDoS-for-hire service configurations. Each attack targeted ~100 hosts across /20 to /27 CIDR blocks.

Massive Network Disruption

Despite low per-host impact, these attacks collectively generated up to 500Gbps of traffic, overwhelming entire networks.
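The following is an added example, not taken from NETSCOUT's report or tooling: it shows why per-destination thresholds miss the carpet-bombing pattern described above and how rolling destination rates up to covering prefixes (/24 through /20) exposes it. The thresholds, function names, and sample traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds (hypothetical; tune to your own traffic baseline).
PER_HOST_BPS = 1_000_000_000     # classic per-destination alert: 1 Gbps
PER_PREFIX_BPS = 5_000_000_000   # aggregate alert per covering prefix: 5 Gbps
MIN_HOSTS = 50                   # many destinations hit at the same time
PREFIX_LENGTHS = (24, 22, 20)    # most specific first, then wider roll-ups

def per_host_alerts(rates):
    """Destinations that exceed the per-host threshold on their own."""
    return sorted(ip for ip, bps in rates.items() if bps >= PER_HOST_BPS)

def carpet_bomb_alerts(rates):
    """Prefixes whose summed inbound rate is high across many hosts."""
    alerts = []
    for plen in PREFIX_LENGTHS:
        totals, hosts = defaultdict(int), defaultdict(set)
        for ip, bps in rates.items():
            net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
            totals[net] += bps
            hosts[net].add(ip)
        for net, total in totals.items():
            if total < PER_PREFIX_BPS or len(hosts[net]) < MIN_HOSTS:
                continue
            # Keep the most specific prefix; skip wider ones that contain it.
            if any(found[0].subnet_of(net) for found in alerts):
                continue
            alerts.append((net, total, len(hosts[net])))
    return alerts

def constructed_sample():
    """Constructed data: 100 hosts in 203.0.113.0/24 at 60 Mbps each,
    plus one unrelated busy host at 300 Mbps."""
    rates = {f"203.0.113.{i}": 60_000_000 for i in range(1, 101)}
    rates["198.51.100.7"] = 300_000_000
    return rates

if __name__ == "__main__":
    sample = constructed_sample()
    print("per-host alerts:", per_host_alerts(sample))
    for net, total, count in carpet_bomb_alerts(sample):
        print(f"carpet-bombing candidate {net}: "
              f"{total / 1e9:.1f} Gbps across {count} hosts")
```

In production the `rates` mapping would come from flow telemetry (NetFlow/IPFIX/sFlow) summarized over a short window rather than from a static dictionary.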

Hiding Behind the Proxy

Proxies Power HTTPS Floods

By late 2024, proxy-driven HTTPS attacks exceeded 20 percent of all attacks, sustaining high-volume application-layer floods.

Growing Proxy Use in DNS Floods

DNS floods outpaced overall DDoS growth, with a rising share originating from proxies, making attribution harder and solidifying proxies as a key tool for attackers.

Conclusion

The challenge ahead is clear. Legacy defenses are no match for the modern DDoS threat. Security teams must move beyond reactive mitigation and embrace proactive, intelligence-driven defense strategies that disrupt attackers before they strike. The fight against DDoS is no longer just about absorbing traffic. It’s about outmaneuvering an adversary that is smarter, faster, more organized, and more relentless than ever, especially as DDoS evolves into a nonattributable cyberweapon for geopolitically motivated actors.
