UAE DDoS attacks triple in H2 2025 as campaigns grow longer and more complex

Average incident duration rose from 27 minutes in H1 to approximately 12 hours in H2, but rather than focusing only on attack size, the more important story in H2 is attack complexity and persistence
- PUBLISHED: Tue 24 Mar 2026, 6:00 AM
Distributed Denial-of-Service (DDoS) attacks on UAE organisations tripled in the second half of 2025, raising operational risk to digitally connected organisations and enterprises, a report showed.
According to Netscout’s latest Threat Intelligence Report, DDoS incidents surged from 3,477 in H1 to 10,303 in H2, as attacks became dramatically more complex and persistent. The most sophisticated campaigns in H2 used up to 22 distinct vectors, nearly triple H1’s peak of eight, while average duration leapt from 27 minutes to roughly 12 hours.
“As well as showing attacks lasting far longer, the H2 data shows them involving a broader combination of techniques. Longer attacks place greater strain on mitigation teams, increase operational pressure over extended periods and raise the risk of service disruption for organisations that depend on continuous digital availability,” Gaurav Mohan, VP, APAC, India & Middle East, Netscout, told Khaleej Times.
Telecommunications and internet infrastructure providers remain highly targeted in the UAE. In the second half of 2025, wired telecommunications carriers recorded 6,368 incidents, followed by other telecommunications providers with 945 and computing infrastructure providers, including data processing, web hosting, and cloud services, with 825.
“These sectors are especially important because they support a large share of the UAE’s digital economy. Disruption affecting telecom or cloud infrastructure can have knock-on effects across business operations, public services, digital commerce and everyday online access. In a highly connected market such as the UAE, pressure on core connectivity layers can quickly be felt well beyond the directly targeted provider,” Mohan said.
A surge of more than 20,000 botnet-driven attacks in July 2025 exemplified how coordinated threat activity can rapidly overwhelm defences and disrupt critical government, finance, and transportation services.
Another important development in the second half was the widening of the target base. In the first half of 2025, activity was more concentrated around telecoms and digital infrastructure. By the second half of 2025, sectors such as retail, publishing and merchant wholesalers also appeared in the target set. That suggests disruption activity is expanding across a broader section of the economy, not remaining limited to traditional high-visibility infrastructure targets.
To mitigate these threats, organisations need continuous network monitoring so they can identify abnormal traffic patterns early and respond before an incident develops into a prolonged disruption, Mohan stressed. “When average attack duration moves from under half an hour to more than 12 hours, early detection becomes central to maintaining service continuity,” he added.
Continuity planning for longer and more complex attack conditions was also critical. “Many response plans are built around short-lived incidents. Those plans should now be tested against sustained, multi-vector attacks that may change over the course of the event,” Mohan said.
Data indicates that disruption activity is reaching beyond core technology providers into a broader range of industries. “Organisations should map their digital dependencies carefully and account for how disruption affecting a service provider, carrier or cloud platform could affect their own operations,” Mohan said.





