In the recently released Q3/2025 DDoS Attack Report, Viettel Cyber Security (VCS) revealed that the Viettel Anti-DDoS system recorded the sharpest increase in DDoS attacks since the beginning of the year. The report also highlights the emergence of new tactics, such as IP range attacks, DNS resource exhaustion, and the exploitation of large-scale IoT botnets.
Beyond the latest statistics, the 40-page report delves into the evolving trends and techniques employed by hackers both domestically and globally. This in-depth analysis aims to help organizations and businesses better understand the current DDoS threat landscape, enabling them to proactively plan defensive measures.
Surge in Attacks with Advanced Techniques
DDoS (Distributed Denial of Service) attacks overwhelm websites or online services with massive volumes of fake traffic, causing slowdowns or complete system failures. Despite being a decades-old threat, DDoS remains one of the most prevalent and impactful forms of cyberattack, with an increasingly dangerous trajectory.
In Q3/2025, Viettel Anti-DDoS recorded an average of at least twice as many attacks per month compared to the same period in 2024. Notably, September 2025 saw nearly six times more attacks than September 2024, totaling over 280,000 incidents. VCS experts attribute this surge to hackers combining multiple techniques, leveraging IoT devices, and utilizing DDoS-for-hire services to scale their attacks.
“The continuous rise in DDoS attacks reflects their current characteristics: higher frequency, targeted intent, and meticulously calculated timing,” VCS experts noted.
Monthly DDoS attacks in the first three quarters of 2024 and 2025 (Source: Viettel Anti-DDoS)
One of the most notable developments is the rise of Carpet Bombing, a technique that distributes traffic across an entire IP range instead of targeting a single address. While individual IPs experience low traffic, the cumulative bandwidth can reach tens or hundreds of Gbps, overwhelming systems and rendering traditional threshold-based defenses ineffective.
Alongside Carpet Bombing, Q3 in Vietnam saw the resurgence of bandwidth-flooding techniques like UDP Flood and DNS/NTP Amplification, which exploit public servers to amplify traffic. TCP-based attacks accounted for over 70% of all incidents, with the most intense attack on September 13 peaking at nearly 500 Gbps. Primary targets included IT companies, hosting providers, and digital entertainment platforms.
Another emerging trend is DNS Water Torture, where attackers send meaningless subdomain queries to DNS resolvers. Although this technique doesn’t generate high bandwidth, it forces DNS Authoritative servers to process continuous requests, leading to rapid overload and disrupting services. This shift underscores hackers’ efforts to evade traditional filtering measures.
“Many businesses only detect attacks when firewalls or load balancers freeze, rather than identifying signs of unusual traffic,” VCS experts observed.
Global Trends Impacting Vietnam
As one of Vietnam’s pioneering cybersecurity firms with a global presence, VCS includes comprehensive analyses of international DDoS attacks in its report. This empowers local cybersecurity teams to anticipate and mitigate potential threats.
In Q3, global infrastructure faced record-breaking attacks peaking at 22.2 Tbps and 11.5 Tbps. These campaigns primarily originated from large-scale IoT botnets, which compromised over 300,000 devices within months by exploiting firmware vulnerabilities. Simultaneously, global crackdowns dismantled botnet networks responsible for 370,000 attacks in four months. Experts highlight that DDoS-for-Hire services, costing as little as a few dozen USD, remain a key driver of the surge in attacks, including in Vietnam.
HTTP/2 MadeYouReset, a RapidReset variant, is another notable technique analyzed in the report. This method exhausts web server resources by processing multiple parallel data streams, signaling a shift from bandwidth-based attacks to application-layer exploitation.
“The current trend shows a transition from large-bandwidth attacks to application-layer attacks, mimicking user behavior to bypass traditional defenses,” VCS experts explained.
Both global DDoS trends and evolving attack patterns in Vietnam indicate a more complex cybersecurity landscape. Hackers are not only expanding botnets and leveraging IoT devices but also shifting focus to the application layer, where many businesses lack adequate protection. This heightens the risk of service disruptions, system compromises, and reputational damage, especially during peak year-end periods.
“Vietnam’s digital infrastructure resilience hinges on businesses proactively monitoring in real-time and deploying advanced defensive solutions rather than reacting post-incident,” VCS experts advised. They emphasize that multi-layered defense strategies, regular drills, and collaboration with specialized units are crucial for minimizing damage amid increasingly sophisticated attacks.
To provide in-depth insights for the cybersecurity community, Viettel Cyber Security will release its DDoS Attack Report quarterly. Businesses and organizations can access and download the report from VCS’s official website to stay updated on the latest trends and better prepare for escalating threats.
“Make in Vietnam” Goes Global: Vietnamese Defense Tech Firms Partner with UAE Giants to Launch OEM Model
Viettel and EDGE are collaborating to research and establish an OEM (Original Equipment Manufacturer) production model in Vietnam. This partnership focuses on manufacturing components, assemblies, and modules for EDGE’s product lines, leveraging local expertise and resources to drive innovation and efficiency.
Digital Transformation in Vietnam: A 5-Year Journey Toward a Cashless Future
After five years of implementing the “National Digital Transformation,” Vietnam has made significant strides in building a robust digital economy. Mastercard stands as a pivotal partner, collaborating with the government, financial institutions, and businesses to advance electronic payments, broaden accessibility, and strengthen trust in the digital payment ecosystem.
Unmasking Cyber Scams: Identifying Trends and Essential Prevention Strategies
In an era where online scams are becoming increasingly sophisticated and personalized, empowering community awareness stands as the most crucial defense.
Securing Digital Financial Security for Millions of Vietnamese: MB’s Commitment
“Financial security is the cornerstone of successful digital transformation,” MB emphasizes, highlighting the critical importance of robust cybersecurity in an era where cyber threats are increasingly sophisticated.
Fostering UK Business Collaboration in Fintech, Biometric Identity Verification, and Infrastructure Design
On the afternoon of October 31st (local time), in London, UK, Deputy Prime Minister Nguyễn Chí Dũng and the Government’s working delegation met and engaged with three leading European and global corporations: Revolut, iProov, and Cundall.
