The Middle East and North Africa (MENA) region experienced an unprecedented 236 percent surge in Distributed Denial-of-Service (DDoS) attacks in the second quarter of 2025, marking the highest volume of such attacks ever recorded in the region, according to a new threat report from StormWall.
The spike in attacks coincides with rising geopolitical tensions, particularly amid the ongoing regional conflicts, which have prompted an aggressive response from hacktivist groups.
According to StormWall’s analysis, hacktivists were responsible for 73 percent of all malicious traffic during the quarter, with government infrastructure being the most heavily targeted.
Read: UAE thwarts 634 cyberattacks on public, private entities
Geopolitical conflicts fuel cyber threats
StormWall, a cybersecurity company with over 5 Tbps of filtering capacity spread across its dedicated Middle East scrubbing centers, reported that Q2 2025 saw a major shift in both the methods and targets of DDoS attacks.
Shift toward sophisticated attack vectors
Among the most notable trends:
API-layer attacks increased by 162 percent, indicating a growing preference among attackers for more targeted, application-level disruptions.
Probing attacks rose ninefold, a significant jump in reconnaissance efforts used to identify system vulnerabilities before full-scale attacks are launched.
These advanced techniques are proving to be highly efficient. While API attacks now average just 4.7 Gbps in traffic, they can cripple services using only 12 percent of the volume required by traditional DDoS floods.
HTTP floods were the most commonly used vector for API-targeted attacks, accounting for 48 percent of all methods. Attackers relied on botnets comprising an average of 140,000 compromised devices to execute these attacks.
Key sectors and nations under fire
The financial sector emerged as the most targeted industry, absorbing 38 percent of all cyberattacks in the region — a 26 percent year-on-year increase.
Government services followed at 16 percent, up 53 percent from the previous year, while the telecoms sector accounted for 14 percent of attacks.
Geographically, Saudi Arabia was the most targeted country, receiving 22 percent of all attacks. Israel’s share rose sharply, increasing from 11 percent in Q1 to 19 percent in Q2, while Iran also saw a modest increase from 16 percent to 17 percent.
“Attackers used to rely on a lot of traffic, but now they’re going after specific targets,” says Ramil Khantimirov, founder of StormWall. “This takes 88 percent less traffic to have the same impact. It has become very important to review and update DDoS defenses to maintain a good security posture.”
Rising challenge for cyber defenders
StormWall warns that the growing complexity and scale of attacks are placing significant strain on regional cybersecurity defenses. The increased use of API-level threats and reconnaissance attacks reflects a shift toward precision-based, low-volume tactics that are harder to detect and mitigate.
As geopolitical instability persists, the MENA region is likely to remain a hotbed for cyber warfare, requiring both governments and businesses to rapidly enhance their cybersecurity posture and prepare for increasingly sophisticated threats.
