DDoS Attacks Surge In MENA

DDoS attacks across the Middle East and Africa surged 138 percent in 2025, with nearly 2.8 million incidents mitigated during the year, according to a new report by StormWall, a provider of distributed denial-of-service protection services.

The figure marks a sharp rise from the 1.2 million attacks recorded in 2024, underscoring a rapidly escalating threat landscape in one of the world’s fastest digitalising regions. StormWall said the growth was initially driven by hacktivist activity linked to geopolitical tensions in the first half of the year, before shifting toward financially motivated campaigns and business disruption attacks in the second half.

Finance remained the most targeted sector for the second consecutive year, accounting for 19 percent of all DDoS incidents in the region. Although its share dropped from 34 percent in 2024, the overall volume of attacks against financial institutions more than doubled year-on-year, growing 126 percent. The entertainment sector followed at 16 percent, up from 7 percent the previous year, while retail accounted for 14 percent of attacks, reflecting a 118 percent annual increase.

The report shows that three countries accounted for nearly half of all DDoS activity in the region. Saudi Arabia was the most targeted, representing 22 percent of total attacks, followed by the United Arab Emirates at 17 percent and Iran at 12 percent. StormWall noted that while attacks were still concentrated in major economic hubs, distribution across the region became more even compared to 2024.

Attack techniques are also becoming more sophisticated. Multi-vector attacks, in which threat actors combine several methods simultaneously such as volumetric floods and application-layer attacks, accounted for 34 percent of incidents in 2025, up 92 percent year-on-year. Carpet bombing attacks, where traffic is spread across a wide range of IP addresses within a subnet to evade detection, increased 63 percent. Probing activity, used to test a target’s defences before launching a full-scale attack, rose 2.5 times and made up 18 percent of incidents.

Botnet power has grown significantly. The average botnet size in the region expanded fourfold, from around 7,000 devices in 2024 to 28,000 in 2025. StormWall identified the rise of large-scale DDoS-for-hire services such as AISURU, which reportedly controls between one and four million infected devices and was responsible for record-breaking attacks globally, including incidents peaking at 11 Tbps and 6.3 Tbps. Another botnet, Kimwolf, discovered in October 2025, issued 1.7 billion DDoS commands over three days in November.

The most powerful attack mitigated by StormWall in MENA reached 1.4 Tbps and targeted a UAE-based financial services provider during the second quarter. The average attack duration in the region was 27 minutes, slightly below the global average of 31 minutes.

“MENA countries are rapidly digitalising and are often early adopters of new technologies, investing heavily in projecting a forward-looking national image through innovation. That visibility makes the region an attractive target for opportunistic attackers,” said Ramil Khantimirov, CEO and co-founder of StormWall. He warned that basic DDoS protection is no longer sufficient for businesses operating in the region, as adversaries increasingly deploy advanced tools and techniques.

StormWall estimates that if current trends continue, the number of attacks it mitigates in MENA alone could exceed six million by the end of 2026. Globally, around 40 million DDoS attacks occur each year, with roughly half of organisations experiencing at least one such incident annually, highlighting the scale and persistence of the threat.