What Do Escalating DDoS Attacks Mean for Telcos?

Distributed Denial-of-Service (DDoS), which involve hijacked devices that overwhelm targets with fake traffic, are highly disruptive and damaging. These malicious attacks overwhelm telecoms networks, causing outages, shutdowns and the disruption of online services across mobile, internet and voice services. 

Over the last years, there has been a marked increase in DDoS attacks, both in number and scale, as attackers target organisations with more sophisticated and frequent traffic.

This trend has been recognised in recent research from network visibility and protection cybersecurity firm NETSCOUT, which confirms that the threat not only persists but continues to evolve into a more potent weapon against the telecommunications industry, enterprises, governments and other critical infrastructure.

NETSCOUT research highlights an escalating threat

NETSCOUT’s 1H2025 DDoS Threat Intelligence Report reveals that DDoS attacks remain dominant across the global cyber threat landscape. According to the findings, attackers are now emboldened by AI, hacktivist momentum and nation-state sponsorship.

The elements combined create a wave of highly automated and industrial-scale disruption targeting service providers and enterprises alike.

The report notes more than eight million DDoS attacks worldwide in the first half of 2025 alone, with over 3.2 million recorded in the EMEA region.

“As hacktivist groups leverage more automation, shared infrastructure and evolving tactics, organisations must recognise that traditional defences are no longer sufficient,” says Richard Hummel, NETSCOUT’s Director of Threat Intelligence.

Hacktivists at the forefront

Hacktivist activity continues to grow, blurring the line between digital protest and outright cybercrime. Unlike cybercriminals motivated by profit, hacktivists focus on advancing political or social causes.

The tools they use include website defacement, data leaks and increasingly, highly disruptive DDoS campaigns.

A prominent example is NoName057(16), a group that claimed responsibility for more than 475 attacks in March 2025 alone. Its coordinated targeting of government and financial entities illustrates the role of hacktivists in destabilising critical sectors.

While a recent takedown of parts of the group’s botnet temporarily reduced its activity, the threat of resurgence remains.

Scale, speed and complexity

DDoS campaigns are no longer limited to sheer volume. NETSCOUT observed more than 50 incidents exceeding one terabit per second (Tbps) in 2025, including a record 3.12Tbps event in the Netherlands.

Multi-vector attacks, carpet-bombing methods and AI-driven automation now combine to make such campaigns both harder to detect and more destructive.

Richard notes the significance of emerging tools such as WormGPT and FraudGPT: “The integration of AI assistants and the use of LLMs escalates that concern.” These language models enable attackers to accelerate script generation, reconnaissance and adaptive tactics at unprecedented speed.

The democratisation of DDoS

DDoS was once the preserve of skilled operators, but the rise of DDoS-for-hire platforms has lowered the barrier to entry. Even inexperienced attackers can now launch damaging assaults, while more advanced players command botnets made up of tens of thousands of compromised IoT devices and servers.

The accessibility has transformed DDoS into a cost-effective strategic weapon. During recent geopolitical conflicts in South Asia and the Middle East, coordinated campaigns paralysed financial and government services.

In June 2025 alone, Iran endured more than 15,000 attacks, while Israel faced nearly 300 targeted strikes.

AI as a force multiplier

AI is amplifying the effectiveness of these campaigns. By enabling automation, AI allows attackers to scale operations, evade detection and adapt to evolving defensive measures in real time. The acceleration ensures that defenders must now match not only scale but speed and adaptability.

For telecommunications operators and managed service providers, the implications are clear. Traditional static defences cannot withstand today’s dynamic, AI-enhanced DDoS environment.

Instead, the industry must adopt intelligence-driven approaches incorporating deep-packet inspection, real-time threat intelligence and automated countermeasures.

NETSCOUT warns that with global traffic volumes already exceeding 800Tbps, the task of securing networks against DDoS has become one of the defining challenges of modern cybersecurity.

As the report concludes: “Organisations need intelligence-driven, proven DDoS defences that can deal with the sophisticated attacks we see today.”