Photo credit: Pexels

Distributed denial-of-service (DDoS) attacks are no longer just a tool for cybercriminals but have evolved into a dominant geopolitical weapon, according to network security firm Netscout. 

The company's latest DDoS Threat Intelligence Report revealed that nearly 9 million DDoS attacks were recorded in the latter half of 2024, marking a 12.7% increase from the first half of the year.

DDoS campaigns—once primarily used for disruption and extortion—are now an integral part of geopolitical conflicts. The report highlights a staggering 2,844% spike in politically driven DDoS attacks against Israel in February 2024 and a 1,478% increase in Georgia in April, tied to political instability surrounding the country’s controversial "Russia bill." 

Similar trends emerged in Kenya, where financial protests triggered a 465% surge in attacks, and Mexico, where election-related unrest fueled a 218% rise in DDoS incidents.‍

The Evolution of DDoS Warfare

Modern DDoS threats have become more sophisticated and harder to counter. Attackers are increasingly leveraging high-performance enterprise servers, AI-driven automation, and proxy-based attack mechanisms to amplify their assaults. 

Mirai-powered botnet attacks, for instance, surged by 360% in 2024, despite an overall 5% decline in botnet populations. Even global law enforcement efforts, such as Operation PowerOFF—which temporarily dismantled major DDoS-for-hire services—offered only brief relief, as new attack platforms emerged to fill the void.

One of the most aggressive groups fueling politically motivated cyberattacks is NoName057(16), which has been actively targeting government websites in the UK, Belgium, and Spain. The group's attacks align with major political events, suggesting a well-coordinated strategy of cyber disruption.‍

Tactical Shifts and Escalating Threats

Attackers are also adopting advanced techniques like carpet-bombing, where they systematically overwhelm vast sections of network infrastructure rather than focusing on a single target. 

These large-scale attacks, sometimes generating up to 500 Gbps of traffic, can cripple entire internet service providers (ISPs). Meanwhile, proxy-driven HTTPS floods accounted for over 20% of all DDoS attacks in late 2024, making mitigation efforts more challenging by obscuring the true origin of the traffic.

The report warns that traditional security measures are no longer sufficient to counter the evolving DDoS threat landscape. "Organizations must shift to intelligence-driven security strategies to mitigate risks and ensure resilience in an increasingly volatile cyber battlefield," Netscout noted.