Distributed Denial of Service (DDoS) attacks are increasingly being used as cyber warfare weapons to target elections and critical infrastructure, according to a new cybersecurity study.

In a new report released on Wednesday, NETSCOUT says attackers are exploiting political events such as elections, civil protests, and policy disputes to disrupt critical infrastructure.

The company’s H22024 DDoS Threat Intelligence Report shows that attackers are leveraging moments of national vulnerability to create instability and erode trust in institutions. Governments, commercial entities, and service providers are being targeted at critical times, with surges in attacks closely linked to major geopolitical events.

In a statement seen by Technology Times, NETSCOUT reports that Israel saw a 2,844% increase in DDoS attacks tied to hostage rescues and political conflicts, while Georgia experienced a 1,489% spike before the passage of the controversial “Russia Bill.” Mexico’s national elections triggered a 218% increase in attacks, and the United Kingdom faced a 152% jump on the day the Labour Party resumed parliamentary sessions.

In a statement seen by Technology Times, NETSCOUT reports that Israel saw a 2,844% increase in DDoS attacks tied to hostage rescues and political conflicts, while Georgia experienced a 1,489% spike before the passage of the controversial “Russia Bill.” Mexico’s national elections triggered a 218% increase in attacks, and the United Kingdom faced a 152% jump on the day the Labour Party resumed parliamentary sessions.

“DDoS has emerged as the go-to tool for cyberwarfare,” Richard Hummel, director of threat intelligence at NETSCOUT, says. “NoName057(16) continues to be the leading actor for politically motivated DDoS campaigns targeting governments, infrastructure, and organisations. In 2024, they repeatedly targeted government services in the United Kingdom, Belgium, and Spain.”

The rise of DDoS-for-hire services, coupled with artificial intelligence (AI) and automation, has made these attacks more powerful and accessible. NETSCOUT found that about 90% of these services now use AI to bypass CAPTCHA security measures, allowing attackers to automate large-scale attacks with minimal effort.

Automation also enables dynamic, multi-target campaigns, the report says, with attackers employing techniques such as carpet bombing, geo-spoofing, and IPv6 exploitation to maximize the reach and impact of their attacks. Even unskilled operators can now execute highly disruptive DDoS campaigns.

While global botnet populations declined by 5% in 2024, attackers have found ways to maintain resilience despite international takedown efforts. According to NETSCOUT, enterprise servers and routers are increasingly being exploited to amplify attacks, making them harder to mitigate.

Law enforcement operations, such as Operation PowerOFF, have attempted to dismantle DDoS-for-hire services, but their impact has been temporary, as new platforms quickly emerge to replace those that are shut down. “The long-term impact is uncertain,” the report says, “as attackers adapt and reconstitute their networks, with no significant decline in global attack volume.”

To mitigate this, NETSCOUT says that enterprises, government agencies, and service providers must adopt proactive, intelligence-driven strategies to defend against modern DDoS threats.

The company monitors tens of thousands of daily DDoS attacks worldwide and provides real-time insights into emerging threats. Its data shows that in the second half of 2024, global peak internet traffic surpassed 700 terabits per second.