DDoS risk and resilience rising

A distributed denial-of-service attack is the internet version of a traffic jam: attackers send so much junk traffic at a target that real users cannot get through. In the second half of 2025 alone, NETSCOUT recorded more than 8 million of these attacks worldwide. (netscout.com) The newer twist is the botnet, which is a swarm of hacked devices acting like one remote-controlled crowd. NETSCOUT says those swarms kept getting bigger in late 2025, with some campaigns reaching multiterabit capacity and pushing daily attack counts into the hundreds. (netscout.com, businesswire.com) July 2025 showed what that looks like in practice. CSO, citing NETSCOUT’s report, said that month alone saw a surge of more than 20,000 botnet-driven attacks aimed at essential services including government, finance, and transportation. (csoonline.com) Some of the targets were parts of the internet most people never see. NETSCOUT reported relentless pressure on Domain Name System root servers, which help computers find websites, and more than 45,000 alerts tied to Network Time Protocol services, which keep systems on the same clock. (csoonline.com, netscout.com) The attacks also clustered around politically tense moments. NETSCOUT said the India-Pakistan conflict triggered attacks on Indian government and financial networks in May 2025, and the Iran-Israel conflict was linked to more than 15,000 attacks against Iran and 279 against Israel in June 2025. (businesswire.com) Geography mattered too. CSO reported that Europe, the Middle East, and Africa led all regions in the second half of 2025 with 3.3 million attacks, ahead of Asia-Pacific, North America, and Latin America, while telecom was one of the most targeted sectors. (csoonline.com) That helps explain why backbone carriers are spending on availability instead of treating denial-of-service attacks as somebody else’s problem. Arelion, which operates a global Internet Protocol backbone, says it has used NETSCOUT Arbor Sightline and Threat Mitigation System tools for more than 16 years and expanded that protection for customers across service provider, content, and enterprise markets. (netscout.com, arelion.com) A backbone is the long-haul highway system of the internet, so trouble there spreads outward fast. Arelion says the point of the Arbor deployment is to keep customers connected to its backbone even when attack traffic is trying to overwhelm links upstream. (netscout.com) The practical change for companies is that denial-of-service risk is no longer just a website problem. If your cloud app depends on a telecom carrier, a content delivery network, a managed Domain Name System provider, or an upstream transit network, your outage exposure now includes their defenses and their blind spots too. (csoonline.com, netscout.com) That is why late-2025 DDoS news reads less like a narrow security story and more like an operations story. The companies that held up best were the ones with layered mitigation, outside visibility into third-party providers, and infrastructure designed to stay reachable even when the internet around them gets noisy. (csoonline.com, netscout.com)