Russia ranks high in bot-generated web traffic
In the digital world of 2025, the landscape of Distributed Denial of Service (DDoS) attacks has undergone a significant transformation. The surge in DDoS attacks is driven primarily by the use of AI-powered tools, increased activity from politically motivated actors, and a shift towards more targeted and sustained attacks.
The first half of 2025 saw a 39% increase in DDoS attacks compared to the latter half of 2024. Notably, the focus has shifted from massive volumetric attacks to smaller, sustained ones under 100,000 requests per second, reflecting automation and generative AI use among attackers. Peak attack volumes still reach very high levels for the most capable adversaries. Network-layer (L3/L4) DDoS attacks also surged sharply, by 85.5% compared to H2 2024.
One of the major factors contributing to this increase is the use of AI-driven enhancements. Attackers use AI to conduct live reconnaissance, dynamically adapt attack vectors, and evade legacy defenses. This has caused a 358% increase in AI-driven DDoS incidents in early 2025 and a 53% rise in attacks causing actual downtime.
Another factor is the democratization of attack tools. The availability of automated, AI-enhanced DDoS tools enables loosely coordinated and new threat actors to launch attacks, increasing volume and persistence.
Rising geopolitical tensions also fuel hacktivist campaigns and nation-state cyber operations targeting critical infrastructure, especially in conflict zones.
In the context of Russia, the country accounts for approximately 15% of worldwide cyberattack traffic, with many attacks linked to highly organized, politically motivated groups. Russian DDoS attacks often target critical infrastructure in NATO countries and European ports supporting Ukraine, reflecting political and military objectives. Attack types include ransomware, data theft, and DDoS, with a focus on disruptive, high-impact operations rather than just broad volume. Russian actors have become more aggressive and destructive, leveraging sophisticated tools and persistent campaigns as part of state or hacktivist agendas.
The most frequently targeted sectors by bots are telecommunications, the financial sector, and retail with e-commerce. These activities can lead to financial losses, service disruptions, and reputational risks. Bots are used not only for DDoS attacks but also for vulnerability scanning, password guessing, spam and phishing.
According to reports by Andrei Duguin, head of RED Security's cybersecurity center, and Anastasia Afonina, General Director of "Webmonitorex", the number of DDoS attacks increased fourfold and exceeded 69,000 in the first six months of 2025. The volume of malicious bot traffic globally increased by 80% on average.
Organizations in the entertainment sphere - concert venues, cinemas, ticket offices - have appeared among the targets for DDoS attacks for the first time. Mass automation of attacks, development of AI, increase in IoT devices vulnerability, spread of DDoS-as-a-Service, geopolitical conflicts, and hacktivism are main drivers of bot traffic growth.
As the world grapples with these challenges, it becomes increasingly important for organizations to invest in robust cybersecurity measures to protect against these sophisticated attacks.
Cybersecurity measures have become essential for organizations in the wake of the increasing number of DDoS attacks, as the use of AI-driven enhancements by attackers has led to a 358% increase in AI-driven DDoS incidents and a 53% rise in attacks causing actual downtime. The technology sector, particularly in entertainment, has recently seen an increase in DDoS attacks, with concert venues, cinemas, and ticketing offices becoming targets.
