How to defend against the rising threat of advanced DDoS attacks

In 1996, a New York-based Internet service provider became the first target of a major distributed denial-of-service (DDoS) attack and was shut down for 36 hours. Since then, DDoS has remained a favored tactic of cybercriminals. But with the advent of AI, DDoS attacks have become both more common and harder to stop. In the first quarter of 2025 alone, DDoS attacks skyrocketed by 358%. Further, the proportion of successful DDoS attacks that caused actual downtime rose by 53%.
A DDoS attack is a form of cyberattack in which multiple compromised computer systems attack a target and cause a denial of service. It sends a flood of incoming messages, connection requests, or malformed packets to the targeted system. This forces the application, website or network to slow or shut down entirely. This denies service to legitimate users or systems — hence the name. These attacks are often orchestrated via bots.
DDoS used to mean the overwhelming of targets with massive amounts of traffic. But now, DDoS attacks have evolved into much more precise attacks, and this development can be mostly credited to AI.
AI can support data analysis that identifies weak points in a given digital infrastructure, including ones that earlier searches using more traditional detection methods may have missed. AI can also launch multi-vector attacks with precise timing and volume control, and adjust tactics on the fly based on how the cyberdefense responds.
AI and human behavior
AI-driven bots are becoming increasingly capable of mimicking human behavior, making it more difficult for automated filters to identify malicious traffic. The result is a new generation of attacks that are harder to detect and harder to stop.
A recent wave of DDoS attacks has introduced a significant variable into the cybersecurity equation. Attackers are now taking application-based approaches to DDoS, often exploiting business process or logic flaws. Further, AI-powered automation means DDoS attacks can now be generated and launched with ease, which is increasing the scale of the attacks that can be launched.
DDoS attacks are often mistakenly dismissed as simple disruptions, but they can play a critical role in larger cyberattack campaigns. Beyond overwhelming systems, these attacks can serve as a smokescreen for other malicious activities, such as reconnaissance, data exfiltration or the deployment of malware. With AI acting as a force multiplier, even unskilled cybercriminals can amplify the scale and sophistication of their efforts, transforming basic botnets into adaptive, resilient attack networks.
The best DDoS defense: fighting AI with AI
Cyberdefense tactics and tools need to be able to quickly find traffic that appears to have come from a known botnet or piece of malware. They also need to rapidly spot actions that can only be done by software. These may be spotted when traffic behaves in a way that isn't natural, such as mouse movements, keystrokes, or visitation trends that fall outside the expected normal range. Further, a good bot defense should also be able to tell if traffic tried to directly access the application programming interface (API) when it wasn't supposed to, or if it attempted to stop the normal signal collection from occurring.
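Two of the behavioral checks described above (API calls made without the normal signal collection, and request pacing too regular for a human), as an added example that is not from the original article or any vendor product. The log format, the `/signals` beacon path, the `/api/` prefix and both thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (unix_time_seconds, client_id, path). All hypothetical.
SAMPLE_LOG = [
    # client-a: loads the page, sends signals, then browses at human pace
    (100.0, "client-a", "/"), (100.4, "client-a", "/signals"),
    (103.9, "client-a", "/api/cart"), (111.2, "client-a", "/api/cart"),
    (126.5, "client-a", "/api/checkout"),
    # client-b: goes straight to the API, exactly one request per second
    (200.0, "client-b", "/api/cart"), (201.0, "client-b", "/api/cart"),
    (202.0, "client-b", "/api/cart"), (203.0, "client-b", "/api/cart"),
    # client-c: sends signals, but then calls the API on a fixed clock
    (300.0, "client-c", "/"), (300.3, "client-c", "/signals"),
    (301.0, "client-c", "/api/search"), (302.0, "client-c", "/api/search"),
    (303.0, "client-c", "/api/search"), (304.0, "client-c", "/api/search"),
]

API_PREFIX = "/api/"      # assumed API path prefix
SIGNAL_PATH = "/signals"  # assumed endpoint the signal-collection script posts to
MIN_REQUESTS = 4          # need several gaps before judging timing
MAX_TIMING_CV = 0.10      # gaps varying by <10% of their mean look machine-paced


def score_clients(log):
    """Return {client_id: sorted reasons} for clients that look automated."""
    by_client = defaultdict(list)
    for ts, client, path in sorted(log):
        by_client[client].append((ts, path))
    findings = {}
    for client, events in by_client.items():
        reasons = set()
        seen_signal = False
        for _, path in events:
            if path == SIGNAL_PATH:
                seen_signal = True
            elif path.startswith(API_PREFIX) and not seen_signal:
                reasons.add("api-without-signals")
        times = [ts for ts, path in events if path.startswith(API_PREFIX)]
        if len(times) >= MIN_REQUESTS:
            gaps = [b - a for a, b in zip(times, times[1:])]
            # Coefficient of variation: humans produce irregular gaps
            if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < MAX_TIMING_CV:
                reasons.add("machine-paced-timing")
        if reasons:
            findings[client] = sorted(reasons)
    return findings


if __name__ == "__main__":
    print(score_clients(SAMPLE_LOG))
```

In practice these reasons would feed a score alongside other signals rather than block on their own, since a legitimate API integration can also be evenly paced.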
The best cyberdefense solutions should employ precise, client-specific traffic evaluation and targeted IP-address cleansing using machine learning and AI. These solutions should deliver targeted scrubbing that eliminates the performance impact on non-affected traffic, while continuing to run automatic threat detection and proactive resolution of volumetric attacks across your internet connections.
As AI continues to evolve, the cybersecurity community faces a pressing challenge: addressing the dual-use nature of these technologies. While AI holds immense potential for innovation, its exploitation by cybercriminals underscores the urgency of developing proactive defenses that can anticipate and counter these new AI-assisted threats.
How Spectrum Business can help
Powered by Radware, DDoS Protection from Spectrum Business applies cloud-based intelligence to quickly evaluate your expected network activity and identify threats attacking your Dedicated Fiber Internet or Secure Dedicated Fiber Internet service. Attack mitigation and traffic rerouting begin automatically to help keep your resources available.
Secure Dedicated Fiber Internet combines dedicated fiber and advanced security, backed by a 100% uptime SLA guarantee, for fast, reliable connectivity. This networking solution delivers built-in threat protection, professional installation, continuous maintenance, and 24/7/365 US-based support, ensuring your business stays connected and protected effortlessly.
Our Secure Access with Cisco Duo and Cloud Security with Cisco+ Secure Connect offerings are designed to help clients provide their employees with safe and secure access to information and applications on private networks or public clouds, while integrating seamlessly with managed network offerings.