How Botnet-Driven DDoS Attacks Evolved in 2H 2025
2026-03-20 · via NETSCOUT

The second half of 2025 marked a pivotal shift in the world of distributed denial-of-service (DDoS) attacks. Organizations across the globe faced a perfect storm: Artificial intelligence (AI) matured as an offensive weapon, botnet infrastructure reached new heights with multiterabit attack capacity, and DDoS-for-hire services became more accessible—even to nontechnical adversaries.

NETSCOUT’s ATLAS global threat intelligence platform, which monitored more than 8 million DDoS attacks in 203 countries and territories during this period, reveals a threat landscape where the line between intent and capability has all but disappeared. Attacks reaching up to 30 terabits per second are now possible, and conversational AI interfaces are guiding even unskilled attackers through complex operations.

Executive Summary

Between July and December 2025, the number of DDoS attacks remained steady compared to the first half of the year—but the nature of these attacks changed dramatically:

  • Massive attack capacity: Demonstration attacks peaked at 30Tbps and 4 gigapackets per second, primarily launched by Internet of Things (IoT) botnets such as Aisuru and TurboMirai variants.
  • AI integration: The use of AI, including dark-web large language models (LLMs), moved from emerging trend to operational reality, making sophisticated attacks accessible to a wider range of threat actors.
  • Persistent threat actors: Despite international law enforcement efforts, hacktivist groups and commodity botnets maintained high pressure. For example, NoName057(16) claimed more than 200 attacks in July alone, showing resilience even after infrastructure seizures.
  • Critical infrastructure under pressure: DNS root servers and Network Time Protocol (NTP) services faced relentless attacks, with more than 45,000 NTP-related alerts. Well-architected systems proved resilient, but the persistence of threats was clear.
  • Targeted sectors and regions: Government, finance, telecom, transportation, and hospitality were the most targeted sectors. Regionally, EMEA led with 3.3 million attacks, followed by APAC, North America, and Latin America.

The latter half of 2025 was not just an evolutionary step, but a fundamental shift in who can launch sophisticated DDoS attacks, how quickly they adapt, and the scale of impact they can achieve.

Key Findings

1. Global scale and attack volume
  • More than 8 million DDoS attacks were recorded across 203 countries and territories, highlighting the persistent and growing operational risk for digitally connected organizations worldwide.
  • The attack count remained stable compared to the first half of the year, but the nature and sophistication of attacks changed dramatically.
2. Rise of IoT botnets and outbound risk
  • Massive direct-path attacks in 2025 demonstrated that compromised customer-premises equipment (CPE) can generate outbound floods exceeding 1Tbps, creating significant liability and service-availability risks for broadband providers.
  • The TurboMirai class of IoT botnets, including Aisuru and Eleven11 (RapperBot), emerged as a major force, capable of launching attacks up to 30Tbps and 4Gpps. Eleven11 alone was linked to more than 3,600 DDoS events between 2021 and mid-2025.
3. AI-enhanced DDoS-for-hire services
  • DDoS-for-hire platforms are now integrating dark-web LLMs and conversational AI, lowering the technical barrier for launching complex, multivector attacks.
  • Even unskilled threat actors can now orchestrate sophisticated campaigns using natural-language prompts, increasing risk for all industries.
4. Threat actor collaboration and scale
  • July 2025 saw a surge of more than 20,000 botnet-driven attacks, with coordinated threat activity overwhelming defenses and disrupting essential services in government, finance, and transportation.
  • Groups such as Keymous+ demonstrated how partnerships between threat actors can amplify attack power, with collaborative events reaching up to 44Gbps.
5. Critical infrastructure under sustained pressure
  • High-value services such as DNS root servers and NTP faced continuous attack pressure. At least 38 significant DNS root events were recorded, including a 21Gbps flood against the A root server.
  • More than 45,000 NTP-related attack alerts were generated, underscoring the need for resilient, globally distributed architectures and robust mitigation strategies.
6. Geographic and sectoral targeting
  • The most targeted sectors were government agencies, financial services, telecommunications, transportation, and hospitality.
  • Regionally, EMEA led with 3.3 million attacks, followed by APAC (1.9 million), North America (1.27 million), and Latin America (1.01 million).
7. Multivector and carpet-bombing attacks
  • More than half of all attacks were multivector, with 42 percent using two to five vectors. Carpet-bombing attacks increased, averaging between 750 and 830 per day in the latter half of 2025.
  • Attackers frequently blended methods such as DNS amplification, SSDP, SNMP, mDNS, memcached, CLDAP, and mixed TCP floods to maximize disruption.
8. Defensive successes and ongoing challenges
  • Well-architected systems, especially those using anycast-based defenses, demonstrated resilience and maintained high availability despite continuous attack pressure.
  • However, the persistence of vulnerable devices and the rapid adaptation of threat actors mean that organizations must remain vigilant and proactive in their defense strategies.
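
Added example (not from NETSCOUT's report or tooling): a small Python triage over flow records that tags the reflection vectors named in finding 7 by UDP source port, then flags multivector targets and carpet bombing, taken here to mean many hosts in one prefix hit at once. The flow-record fields, the byte threshold, the host count, and the /24 grouping are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Well-known UDP source ports of the reflection vectors listed in finding 7.
REFLECTION_PORTS = {53: "DNS", 161: "SNMP", 389: "CLDAP",
                    1900: "SSDP", 5353: "mDNS", 11211: "memcached"}

def classify(flow):
    """Label one flow record with an attack vector, or None if unrecognised."""
    if flow["proto"] == "udp" and flow["sport"] in REFLECTION_PORTS:
        return REFLECTION_PORTS[flow["sport"]] + " reflection"
    if flow["proto"] == "tcp":
        return "TCP flood"  # coarse bucket; the byte threshold below filters normal traffic
    return None

def analyse(flows, min_bytes=1_000_000, carpet_hosts=4, prefix_len=24):
    """Return (multivector targets, carpet-bombed prefixes). Thresholds are assumed values."""
    per_dst = defaultdict(lambda: defaultdict(int))  # dst -> vector -> bytes
    for f in flows:
        vec = classify(f)
        if vec:
            per_dst[f["dst"]][vec] += f["bytes"]
    # Keep only vectors that carry enough volume toward a destination.
    targets = {}
    for dst, vecs in per_dst.items():
        active = sorted(v for v, b in vecs.items() if b >= min_bytes)
        if active:
            targets[dst] = active
    multivector = {d: v for d, v in targets.items() if len(v) >= 2}
    # Carpet bombing: many distinct hosts inside one prefix under attack together.
    by_prefix = defaultdict(set)
    for dst in targets:
        by_prefix[str(ip_network(f"{dst}/{prefix_len}", strict=False))].add(dst)
    carpet = {p: sorted(h, key=ip_address)
              for p, h in by_prefix.items() if len(h) >= carpet_hosts}
    return multivector, carpet

# Constructed sample flows using documentation address ranges.
SAMPLE_FLOWS = (
    [{"dst": "203.0.113.10", "proto": p, "sport": s, "bytes": b}
     for p, s, b in [("udp", 53, 5_000_000), ("udp", 389, 3_000_000),
                     ("tcp", 40000, 2_000_000)]]
    + [{"dst": f"198.51.100.{i}", "proto": "udp", "sport": 1900, "bytes": 1_500_000}
       for i in range(1, 6)]
    + [{"dst": "203.0.113.20", "proto": "udp", "sport": 53, "bytes": 2_000}]
)

if __name__ == "__main__":
    print(analyse(SAMPLE_FLOWS))
```
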

Conclusion

The DDoS threat landscape in late 2025 was defined by sustained global attack volume, increasingly capable IoT botnets, sophisticated threat-actor campaigns, and a decisive move toward AI-enhanced DDoS-for-hire operations. Although the largest attacks remain rare, they continue to shape defensive strategies. The average attack is now short, intense, and multisector, targeting a wide range of industries and geographies.

Organizations must recognize that the democratization of attack tools, especially with AI integration, has lowered the barrier to entry for cybercriminals. Defending against these threats requires not just robust infrastructure, but also adaptive, intelligence-driven strategies that can keep pace with the evolving tactics of adversaries.

Read NETSCOUT’s 2H 2025 DDoS Threat Intelligence Report