At StormWall, we continuously monitor and analyze shifts in the global DDoS threat landscape across different regions. This report examines cyber threat activity in MENA and presents key findings, data, and insights into DDoS activity throughout 2025.
You might also want to read our global 2025 DDoS report.
Key Takeaways
In 2025, DDoS attacks in MENA increased by 138% year over year.
During the first half of the year, the growth was primarily driven by hacktivist activity linked to regional geopolitical tensions. In the second half, however, financially motivated attacks became more common — especially extortion campaigns and operations aimed at business disruption.
This shift reshaped the industry-targeting landscape. Government institutions and critical infrastructure were targeted more heavily in H1, while financial services and entertainment experienced increased attack activity in H2.
DDoS Protection for Websites
- Activate protection in 10 minutes
- 24/7 technical support
Let’s take a closer look at the key trends.
DDoS Attacks Up 138% YoY
StormWall mitigated 2.8 million DDoS attacks across its MENA network in 2025, compared to 1.2 million in 2024.
The average attack duration in MENA was 27 minutes, slightly below the global average of 31 minutes. The most powerful attack mitigated in the region reached 1.4 Tbps, targeting a UAE-based financial services provider in Q2.
| Quarter | DDoS attacks mitigated | QoQ change |
| Q1 2025 | 440,000 | — |
| Q2 2025 | 640,000 | +45.5% |
| Q3 2025 | 760,000 | +18.8% |
| Q4 2025 | 960,000 | +26.3% |
Attack activity peaked in Q2, when the Israel–Iran confrontation escalated in June. This triggered a surge of hacktivist attacks targeting government portals, banks, and telecom providers across the region.
Following the Gaza ceasefire in October, politically motivated attacks — particularly those targeting Israel and Iran — declined sharply.
However, a reduction in hacktivist activity did not mean a drop in overall threats. Instead, the attack profile shifted. Financially motivated actors, particularly those conducting DDoS extortion campaigns, became more active. This change is reflected in the top three most targeted industries: finance, entertainment, and retail.
Multi-Vector Attacks: Up 92% YoY
Multi-vector attacks accounted for 34% of all DDoS incidents in MENA, making them the most common attack type in the region. Year over year, these attacks increased by 92%.
Multi-vector attacks are particularly difficult to mitigate because they require defending against multiple attack types simultaneously — including volumetric floods, protocol exploitation, and application-layer attacks. This stretches security resources and increases the likelihood that one vector may bypass defenses while attention is focused elsewhere.
Carpet Bombing: Up 63% YoY
This technique is dangerous because attackers distribute traffic across a wide range of IP addresses within a target’s subnet rather than focusing on a single host. As a result, per-IP rate limiting and threshold-based detection mechanisms may not trigger alerts, even though the cumulative traffic volume is sufficient to exhaust network resources.
Probing: Up 2.5x YoY
Probing is a reconnaissance technique in which attackers send low-volume traffic to test a target’s defenses before launching a full-scale attack.
In MENA, probing activity increased 2.5× year over year, accounting for approximately 18% of all attacks in the region. This is slightly below the global average of 25%, according to StormWall data.
Botnet Power Increased 4×
In 2024, the average botnet consisted of approximately 7,000 devices. By 2025, that number had grown to 28,000 devices.
Several highly dangerous botnets became active in 2025, and StormWall has been actively mitigating their attacks. The most prominent is AISURU, a DDoS-for-hire service controlling an estimated 1–4 million infected devices.
AISURU was responsible for several record-breaking attacks in 2025, including one that peaked at 11 Tbps and another at 6.3 Tbps. Experts believe the botnet is capable of launching even larger attacks, which may emerge in 2026.
Another significant threat is Kimwolf, discovered in October 2025. It consists of approximately 1.8 million devices. Between November 19 and 22, it executed 1.7 billion DDoS commands in just three days.
Botnets — particularly those operating as DDoS-for-hire services — have become significantly more widespread. This trend is partly driven by malicious AI tools such as WarmGPT, which enable attackers to build and manage attack infrastructure using natural-language commands.
DDoS Attacks by Vertical
Here is the distribution of DDoS attacks by industry in MENA in 2025:
Industries with highest YoY growth in DDoS attacks:
Top 3 Most Attacked Verticals
Let’s look at the top-3 most attacked verticals in more detail.
1. Finance
For the second consecutive year, finance remained the most targeted sector in MENA. Although its relative share decreased from 34% in 2024 to 19% in 2025, the total volume of attacks more than doubled year over year.
UDP floods and HTTP attacks accounted for over 57% of malicious traffic:
Attacks targeting financial organizations were heavily concentrated in major MENA economies:
- UAE: 39%
- Saudi Arabia: 31%
- Bahrain: 12%
- Other countries: 18%
This geographic concentration reflects broader industry trends in cyber threats. The Check Point Financial Threat Landscape Report 2025 also highlights a strong clustering of attacks in areas affected by geopolitical tensions. According to the report, Israel ranked first globally in terms of the share of attacks targeting the financial sector (16.6%), while the UAE placed among the top three countries worldwide by total number of incidents.
Taken together, these findings confirm that financial institutions across the Gulf and the Levant remain on the front lines of the cyber battlefield.
2. Entertainment
The entertainment industry saw one of the largest increases in attack activity, rising from 7% in 2024 to 16% in 2025.
Streaming platforms, online gaming services, and eSports tournaments are lucrative targets for extortion campaigns — a pattern that intensified in the second half of the year.
These platforms are especially vulnerable to DDoS attacks because even minor latency can disrupt user experience. A slight delay in e-commerce may go unnoticed, but in an eSports match, it can render gameplay impossible.
This trend is expected to continue into 2026, making enhanced protection essential for businesses in this sector.
3. Retail
Retail accounted for 14% of all DDoS attacks in MENA, with volumes more than doubling year over year. Saudi Arabia accounted for approximately 42% of retail attacks in the region, while 35% targeted the UAE — both leading e-commerce markets experiencing rapid digital growth.
On a technical level, the following attack types were the most common ones mitigated by StormWall:
DDoS Attacks by Country
Here is how DDoS attacks were distributed by country in MENA in 2025:
Three countries — Saudi Arabia, the UAE, and Iran — accounted for 49% of all DDoS attacks in MENA. However, attack distribution became more balanced compared to previous years. For example, Saudi Arabia’s share declined from 26% in 2024 to 22% in 2025.
Summary
If current trends continue, the number of attacks mitigated by StormWall in MENA alone could exceed 6 million by the end of 2026 — and this reflects only the attacks directly observed across StormWall’s network. For context, approximately 40 million DDoS attacks occur globally each year.
“The threat landscape in MENA is evolving faster than ever. It’s not just that attacks are increasing — attacker tactics are fundamentally changing. Cybercrime has become more professional, with massive AI-powered botnets like AISURU now in play. As a result, even mid-sized businesses are facing threats that used to target only the largest enterprises. Going into 2026 without strong, adaptive DDoS protection isn’t just risky — it’s a serious strategic vulnerability,” says Ramil Khantimirov, Co-founder and CEO of StormWall.
According to industry surveys:
- Around 50% of organizations experience at least one DDoS attack annually
- More than 35% of affected organizations report attacks occur monthly or more frequently
At this pace, it is reasonable to expect that 60–70% of companies could be targeted by 2026. In such an environment, operating without DDoS protection becomes an extremely high-risk decision.
If you are currently evaluating DDoS protection solutions, our team is ready to help — reach out to discuss your needs.
Network Protection from DDoS Attacks
- Activate protection within 10 minutes
- 24/7 technical support
