AI‑enhanced DDoS‑for‑hire operations increased rapidly in 2025—report

Conversational AI interfaces are enabling a wave of DDoS attacks as threat actors target enterprise supply chain vulnerabilities.

4 March, 2026
DDoS attacks increased significantly globally in the latter half of 2025. Photo credit: Shutterstock

NETSCOUT’s distributed-denial-of-service (DDoS) Threat Intelligence report for the latter half of 2025 found a significant shift towards AI‑enhanced DDoS‑for‑hire operations.

The DDoS landscape in the second half of 2025 combined sustained global attack volume, increasingly capable IoT botnets, sophisticated threat‑actor campaigns, and a decisive shift toward AI‑enhanced DDoS‑for‑hire operations, according to the report.

Dark‑web models such as WormGPT and FraudGPT, priced around $60–$200 per month, show how nontechnical users can already generate malware and phishing content, while inexpensive voice‑cloning tools allow realistic social engineering at scale.

Free Sample

Download sample pages of selected reports

Explore a selection of report samples we have handpicked for you. Get a preview of the insights inside. Download your free copy today.

Darren Anstee, CTO for security at NETSCOUT told Verdict and its sister publication Tech Monitor from MWC 2006, that greater automation is driving the increase in more sophisticated and more regular attacks. Conversational AI interfaces are amplifying an already democratised threat landscape where booter services and malicious LLMs have long lowered technical barriers.

“We now have things like AI chat bot front ends, which remove any complexity to their usage. You don’t need to understand anything about how a DDoS attack works. You just need to say, I would like to attack this organisation during their business hours, and the tool will go away and recon that target, figure out what the best attacks are, and launch the attack for you,” explained Anstee.

Government agencies, financial services, telecommunications, transportation, and hospitality sectors all experienced the highest concentration of attacks. Regional analysis revealed EMEA leading with 3.3 million attacks, followed by APAC with 1.9 million, North America with 1.27 million, and Latin America with 1.01 million events.
Addressing the increased complexity and volume in attacks requires commensurate defence strategies around intelligence, and layering capabilities, according to Anstee.

“It’s all about asking the right questions. Are you defended from DDoS attacks? What do your defences look like? Do you have the right layers of defence in place to deal with what’s going on out there right now?” he said.

According to research and analysis company GlobalData’s Strategic Intelligence Cybersecurity 2025 report, the rise of DDoS and other cyber threats has driven a 31% increase in enterprise cybersecurity budgets for 2025, with many organisations focusing spending on advanced, AI-powered defensive measures.

The report also identified a rise in hacktivist activity with a broader spread of motivations. “It’s not just pro-Russian and pro Palestine. Some are targeting to make news. Some are targeting to actually cause damage. And that means that, you’re not really sure where they’re going to go next. It’s not always big organisations or government. Sometimes they’re focused on digital supply chains,” warned Anstee.

“Anyone can be targeted very easily now with a sophisticated attack, and that means not just addressing your threat surface, but also the threat surface of your supply chain. Because there’s an increased reliance on supply chains now across platforms, if that supply chain is knocked over, or any element of it that could impact your business, you have to broaden your thought around where your defences are and what’s being protected,” he said.

Large financial services institutions or government agencies are relatively well prepared and resourced for attacks. But in a lot of cases, enterprises fail to properly assess their dependencies, beyond the first tier of immediate suppliers. “And the problem is, is that there’s a kind of domino effect, that you may have an application that’s dependent on another application that’s dependent on another application,” said Anstee.

“If that one disappears, everything stops working. So you really have to start thinking about how you’re defended, and how your whole supply chain is defended,” he added.

Unlock up to 35% savings on GlobalData reports

Use the code at checkout in the report store

  • 20% OFF

    Buy 2 reports

    Use code:

    Bundle20

  • 25% OFF

    Buy 3 reports

    Use code:

    Bundle25

  • 30% OFF

    Buy 4 reports

    Use code:

    Bundle30

  • 35% OFF

    Buy 5+ reports

    Use code:

    Bundle35

Valid on all reports priced $995 and above. Cannot be combined with other offers.

Still deciding what will work best for your business?

Ask our experts for help.

Enquire before buying

More Cyber insecurity

View More