NETSCOUT reports increase in sociopolitical-linked DDoS attacks

On April 2, NETSCOUT Systems released its 2H2024 DDoS Threat Intelligence Report. According to the report, Distributed Denial of Service (DDoS) attacks have evolved into “precision-guided” digital weapons that are increasingly being linked to sociopolitical events.

Geopolitical battlefield

NETSCOUT reports that politically motivated DDoS attacks are increasing dramatically and have become a dominant means of waging cyberwarfare. According to the threat report, DDoS attacks throughout 2024 were linked to sociopolitical events. In 2024, countries like Israel and Georgia experienced surges of 2,844% and 1489% in politically motivated DDoS attacks, respectively. These attacks often coincide with periods of heightened national tension, indicating a specific motive behind the attacks: exploiting social unrest by targeting vulnerable infrastructure.

Richard Hummel, director of threat intelligence at NETSCOUT, reported that entities like the pro-Russian hacker group NoName057(16) are responsible for politically motivated attacks.

“DDoS has emerged as the go-to tool for cyberwarfare,” said Hummel in a press release. “NoName057(16) continues to be the leading actor for politically motivated DDoS campaigns targeting governments, infrastructure, and organizations. In 2024, they repeatedly targeted government services in the United Kingdom, Belgium, and Spain.”

Other countries also saw attack increases during sociopolitical events, with Kenya experiencing a 465% increase coinciding with protests and Mexico seeing a 218% increase during the country’s elections. 

Complex attacks

The report highlights evolutions in attack sophistication, with DDoS-for-hire services leveraging AI for dynamic, multi-targeted attack campaigns.

Botnets—networks of compromised computers or devices— continue to play a role in DDoS attacks despite coordinated takedown efforts. According to the report, overall botnet populations have decreased by 5% but show strong resilience. Attackers are reportedly leveraging high-performance enterprise servers, complicating mitigation efforts.

The report also highlighted the evolution of carpet-bombing attacks that scatter traffic across a range of IP addresses.

Defense

According to NETSCOUT, legacy defense methods are no longer effective against DDoS attacks. The report advises security teams to move beyond reactive mitigation strategies and instead embrace proactive intelligence-driven defense strategies that can disrupt attackers before they strike.

For related articles, visit the Business Topic Center.

For more information on high-speed transmission systems and suppliers, visit the Lightwave Buyer’s Guide.

To stay abreast of fiber network deployments, subscribe to Lightwave’s Service Providers and Datacom/Data Center newsletters.