NETSCOUT will place focus on the realities of AI-driven cyber attacks at the upcoming ITWeb Security Summit 2026, a fact underscored by the results of its most recent NETSCOUT Threat Intelligence Report for the second half of 2025. The latest report from the organisation reveals that the distributed denial of service (DDOS) threat landscape in late 2025 was defined by sustained global attack volumes, increasingly capable IOT botnets, sophisticated threat actor campaigns and a decisive move towards AI-enhanced DDOS-for-hire operations.
Now in its 21st year, ITWeb Security Summit is Africa’s premier cyber security event. Under the theme: ‘Redefining security in the face of AI-driven attacks, fragile supply chains and a global skills gap’, the 2026 summit will take place in Cape Town (25-26 May) and in Johannesburg (2-4 June).
Millions of DDOS attacks seen on a global scale
According to the Threat Intelligence Report for 2H 2025, NETSCOUT’s ATLAS global threat intelligence platform monitored more than 8 million DDOS attacks in 203 countries and territories during the six-month period between July and December 2025, uncovering a threat landscape where the line between intent and capability has all but disappeared.
Attacks reaching up to 30 terabits per second are now possible, and conversational AI interfaces are guiding even unskilled attackers through complex operations. Although these large-scale attacks remain rare, they continue to shape defensive strategies. The average attack – fuelled by TurboMirai IOT botnets – is now short, intense and multi-sector, affecting a wide range of industries.
Between July and December 2025, more than 3.3 million DDOS incidents were recorded across Europe, the Middle East and Africa (EMEA), marking it as the most impacted region. This was followed by Asia-Pacific (APAC) with over 1.9 million incidents, North America with 1.27 million and Latin America with 1.01 million.
Multi-vector attack strategies signal DDOS sophistication shift
More than half of these attacks worldwide were multi-vector strikes, underscoring a fundamental shift in how campaigns are being executed. Threat actors are increasingly leveraging AI to plan, launch and adapt attacks in real-time. As a result, sophisticated attacks no longer require deep technical expertise, significantly narrowing the gap between attacker intent and execution.
And, as outlined by the Threat Intelligence Report 2H 2025, these dynamics are mirrored across Africa.
South Africa experienced the highest number of vectors seen in a single attack, at 26. The most common included TCP ACK floods, TCP RST floods, DNS amplification and SYN floods. Libya followed with 23 vectors and Kenya with 21, while Morocco, Tunisia and Zambia each recorded 20 vectors. Mauritius registered 19 vectors in one instance.
South Africa (which was ranked as the fifth most targeted country in EMEA), Morocco and Kenya were once again the three countries recording the most incidents – at 171 812, 145 396 and 51 315 attacks respectively. However, it was countries within West and East Africa that were predominantly targeted with the longest duration onslaughts on the continent.
ITWeb Security Summit 2026
Now in its 21st year, ITWeb Security Summit is Africa’s premier cyber security event.
Under the theme: “Redefining security in the face of AI-driven attacks, fragile supply chains and a global skills gap”, the 2026 summit will take place in Cape Town (25-26 May) and in Johannesburg (2-4 June).
For more information or to register, visit www.itweb.co.za/securitysummit.
Wireless telecommunications carriers recorded some of the lengthiest incidents: lasting 1 785 minutes (close to 30 hours) in the Republic of the Congo; 1 023 minutes (more than 17 hours) in Liberia; and 1 005 minutes (almost 17 hours) in the United Republic of Tanzania.
“Many factors influence the duration of an attack, including mitigation efforts, detection capabilities, attack size and attacker persistence,” explains Bryan Hamman, area vice-president (AVP) for Africa at NETSCOUT. “It should be noted that duration is not a measure of the size of an attack, because smaller attacks often go unnoticed for longer periods of time. In contrast, larger-scale attacks trigger alarm systems more quickly, leading to faster mitigation efforts.
“To reduce the duration of a DDOS attack, organisations must be able to identify the signs early. Ideally, they will already have a DDOS detection solution in place. If not, they should look for performance degradations such as slow response, long load times or unavailability of websites, applications or other services. If an attack is confirmed and no DDOS protection solution is in place, the first step is to contact the internet service provider for mitigation support, while continuing to monitor the attack until it ends.”
While wireless telecommunications organisations were by far the most attacked sector on the broader continent, from Angola to Zambia, several other industries were also affected. Wired telecommunications carriers topped the list of sectors in Algeria, Burkina Faso, the Democratic Republic of the Congo and Tunisia, while all other telecommunications companies were the most targeted in Zimbabwe. Computer infrastructure providers were the leading targets in Eswatini, Madagascar, Seychelles and South Sudan.
Implications for defenders
“DDOS attacks remain one of the most persistent and disruptive threats in the cyber security landscape,” says Hamman. “They can have significant impact on both direct and indirect costs. Lack of network, application or service availability can cause downtime, leading to frustrated customers, unproductive employees, reputational damage, eroded customer trust and revenue decline.
“Legacy defences struggle against AI-enhanced DDOS campaigns. Static signatures, manual response and limited visibility are no longer sufficient, meaning that effective defence now requires intelligence-driven, automated and adaptive protection. Investing in both cloud-based and on-premises adaptive DDOS protection is essential to defend against multi-vector dynamic attacks of all types to prevent these losses,” he adds.
Visit NETSCOUT on stand 33 at ITWeb Security Summit 2026 for more information and stand a chance to win an anti-theft laptop backpack. Delegates are also invited to attend a talk by Nuno Ceitil, consulting systems engineer at NETSCOUT, at the event, which will unpack how threat actors are using AI to automate and enhance attacks. Ceitil will also discuss how AI is creating increasingly sophisticated and automated assaults, how it features in modern DDOS attacks and why it shifts the advantage towards attackers.
Register to attend ITWeb Security Summit 2026 by clicking here.
NETSCOUT protects two-thirds of the routed IPv4 space, securing network edges that carried global peak traffic of over 800Tbps, covering 376 industry verticals and 12 698 autonomous system numbers (ASNs) in the second half of 2025. It monitors tens of thousands of daily DDOS attacks by tracking multiple botnets and DDOS-for-hire services that leverage millions of abused or compromised devices.
Resources:
- Download the NETSCOUT’s DDoS Threat Intelligence Report H2 2025
- See real-time DDoS attack stats and insights by visiting NETSCOUT Cyber Threat Horizon
About NETSCOUT
NETSCOUT SYSTEMS (NASDAQ: NTCT) protects the connected world from cyber attacks and performance and availability disruptions through its unique visibility platform and solutions powered by its pioneering deep packet inspection at scale technology. NETSCOUT serves the world’s largest enterprises, service providers and public sector organisations. Learn more at www.netscout.com or follow @NETSCOUT on LinkedIn, X or Facebook.
About ITWeb Security Summit 2026
ITWeb Security Summit 2026 will be held at Century City Conference Centre, Cape Town on 26 May 2026 and at Sandton Convention Centre in Sandton, Johannesburg from 2-4 June 2026.
Themed: ‘Redefining security in the face of AI-driven attacks, fragile supply chains and a global skills gap’, the 21st annual edition of Security Summit will continue in its tradition of bringing leading international and local industry experts, analysts and end-users together to delve into the specific threats and opportunities facing African CISOs, security specialists, GRC professionals and anyone else who is responsible for securing their organisation from cyber attacks.
Register today. Visit here for Cape Town or here for Johannesburg.
Share
