The latest NETSCOUT Threat Intelligence Report (2H 2024) is a sobering but essential read for anyone involved in Cybersecurity. For UK cyber professionals navigating a climate of escalating cyber aggression and global instability, the data paints a picture of a rapidly evolving DDoS threat landscape that’s no longer just the concern of network operations teams, but of national security as well. 

Gone are the days when DDoS attacks were predominantly the handiwork of low-tier criminals with off-the-shelf tools. Today’s attacks are faster, smarter, and far more coordinated, increasingly tied to geopolitical events and state-aligned objectives. For the UK, and indeed many other nations, the implications are clear: DDoS is now a weapon of political influence and disruption. 

DDoS Goes Geopolitical 

The report highlights significant spikes in politically motivated attacks around major national and international events. In July 2024, for example, the UK saw a 152% increase in DDoS activity aligned with political transitions and public sector developments. Government systems and electoral infrastructure were key targets, coinciding with the new Labour government taking office and a shift in parliamentary leadership. 

These aren’t isolated incidents. Israel saw a 2,844% surge during a period of military and diplomatic tension; Georgia’s spike aligned with controversial legislative changes related to NATO and EU accession. The trend is unmistakable: DDoS attacks are being deployed not just to disrupt services, but to undermine public trust and amplify political unrest. 

The Rise of Next-Gen DDoS-for-Hire 

What makes this threat particularly challenging is its accessibility. DDoS-for-hire platforms, once rudimentary, now offer AI-powered attack orchestration with minimal user input. According to NETSCOUT, these services now feature capabilities like CAPTCHA bypassing, behavioural mimicry, and API-driven automation that enable near-continuous, multi-targeted campaigns. 

Takedown efforts—such as December 2024’s Operation PowerOFF—offered temporary reprieve but failed to dent long-term DDoS volumes. Attackers regrouped quickly, with botnet activity rebounding by 81% within weeks. 

Enterprise-Grade Botnets and Infrastructure Abuse 

A striking development is the increasing use of enterprise-grade servers and routers in DDoS campaigns. These are no longer zombie IoT devices acting in isolation. Attackers are leveraging high-capacity infrastructure to deliver volumetric and application-layer attacks at scales previously unseen—such as the 995Gbps attack recorded against China in December. 

Techniques like carpet-bombing—targeting entire subnet ranges to overwhelm networks without triggering typical detection thresholds—are becoming mainstream. This subtlety allows attackers to cripple infrastructure while evading many legacy defences. 

Proxy Wars: Obfuscation as a Strategy 

Layered on top of this is the expanded use of proxy networks, especially in HTTPS and DNS flood attacks. By routing traffic through residential and cloud-based proxies, attackers mask their origins and make mitigation significantly more difficult. By late 2024, proxy-powered HTTPS floods accounted for over 20% of global attacks, and DNS floods—often harder to detect—had begun to outpace them in volume. 

Implications for UK Organisations 

The UK remains a frequent target, not only due to its geopolitical standing but also because of the relative visibility of its public-facing systems. Attackers such as NoName057(16)—a repeat offender linked to pro-Russian agendas—have focused on UK government assets with high precision, often claiming successful disruptions on dark web forums. 

For security professionals, the call to action is clear: traditional, perimeter-focused DDoS defences are no longer sufficient. The next generation of threats demands a next-generation response—blending AI-enhanced visibility, automation, and hybrid cloud mitigation strategies. 

Final Thoughts

The NETSCOUT report should serve as a wake-up call—not a cause for panic, but a prompt for preparation. DDoS has matured into a sophisticated tool of disruption, one that is increasingly intertwined with the broader geopolitical landscape. For cyber defenders, the our challenge is not just to weather the storm, but to anticipate and adapt before the next one breaks. 

Access the NETSCOUT Threat Intelligence Report.

Contact us using the form below if you’d like a conversation with one of our experts on how Ampito can help you.