MENA Experiences Highest DDoS Attack Volume: New Record

StormWall, a cybersecurity company focusing on DDoS protection and operating dedicated scrubbing centres in the Middle East with a combined filtering capacity of over 5 Tbps, analysed attack patterns across its regional network during the first six months of 2025.

According to their latest report, The MENA region experienced a 216% surge in DDoS attacks during the first half of 2025, with 12.4 million total incidents marking the highest attack volume in the region’s history.

In the first three months of 2025 alone, there were 5.6 million DDoS attacks, which is almost the same as the total for 2024 (5.8 million). In the next three months, there were 6.8 million incidents, which is more than the previous year.

This increase is a result of rising political tensions between Israel and Palestine, and Iran and Israel, which have fueled a wave of hacktivism across the region, StormWall’s report says.

On a technical level, StormWall analysts found that multi-vector attacks increased by 97%, compared to the same period last year, and now account for 57% of all incidents, while probing attacks designed to identify vulnerabilities before main campaigns jumped by 350%. The average botnet sizes grew to approximately 140,000 devices and over 80% of API attacks now leverage these networks. The largest recorded attack reached 1.8 Tbit/s targeting a UAE bank.

In terms of the sectors most frequently targeted, the financial sector topped the list (26% share, 206% year-on-year increase). This was followed by the telecommunications sector (21% share, 196% year-on-year increase) and the government sector (18% share, 184% year-on-year increase). Notably, 12% of DDoS attacks targeted gaming services as major gaming events took place across the Middle East.

Saudi Arabia was the most attacked country (21%), followed by the UAE (18%),  and then Qatar (16%).

‘Threat actors are learning to use probes to find weak spots,’ says Ramil Khantimirov, CEO and founder of StormWall. “This is not really a new strategy, but, in the past, we’ve only really seen this type of behaviour from state-sponsored groups and APTs, not amateur hackers. This means that a typical DDoS attack can cause much more damage and be harder to stop if you’re not prepared.