More than 8 million digital attacks hit worldwide in the first half of 2025, with Europe among the hardest hit regions, according to a new report. AI-driven threats and global events contributed to major spikes in DDoS activity targeting critical infrastructure.
Over 8 million digital attacks were recorded globally in the first half of 2025, with Europe ranking as one of the hardest hit continents, according to a new report by American cloud security company NETSCOUT. The majority of these attacks caused outages lasting between five and fifteen minutes, affecting telecommunications companies in Germany, France, Poland, Russia, and Saudi Arabia.
NETSCOUT found that countries in Europe, the Middle East, and Africa (EMEA) faced 3.2 million distributed denial of service (DDoS) attacks—schemes that overwhelm targeted systems, websites, or networks. Artificial intelligence (AI) is increasingly used by states and hacktivists to evade detection and carry out attacks across multiple internet providers.
The report describes modern DDoS attacks as “precision-guided weapons of geopolitical influence capable of destabilising critical infrastructure,” presenting “unprecedented cyber risk” to organizations worldwide. “As hacktivist groups leverage more automation, shared infrastructure, and evolving tactics, organisations must recognise that traditional defences are no longer sufficient,” said Richard Hummel, NETSCOUT’s director of threat intelligence.
Anthropic, an AI company, reported in its latest threat report that it stopped an operation in July using its chatbot Claude for large-scale theft and extortion, with ransoms sometimes exceeding $500,000 (nearly €430,000).
Hacktivists are now using AI assistants or large language models (LLMs) such as WormGPT and FraudGPT to coordinate attacks, the report said. FraudGPT, described as an AI bot sold on the Dark Web for offensive purposes, is used for phishing, password cracking, and credit card theft. WormGPT has similar features and can also conduct business email compromise (BEC) attacks, where criminals impersonate executives to steal money or data—scams that cost businesses millions each year.
NETSCOUT’s threat intelligence platform monitors tens of thousands of DDoS attacks daily, using data from simulated attacks and actual web traffic, and tracks botnets and DDoS-for-hire services.
EMEA countries accounted for just under half of 2025’s DDoS attacks, an 11% decrease from late 2024. Global events were significant catalysts, such as the World Economic Forum in Davos, Switzerland, which saw more than 1,400 attacks—double the previous year’s figure. Italy was also targeted by numerous DDoS attacks in February and March, mainly against public bodies in response to political developments.
Outside Europe, regional conflicts like those between Pakistan and India, and Iran and Israel, triggered above-average DDoS activity. Since June 13, Iran has endured more than 15,000 cyberattacks, with 2,800 occurring in a single day, indicating its status as a primary target.
.png)
.png)
.png)
