Think DDoS attacks are bad now? Wait until hackers start using AI assistants to coordinate attacks, researchers warn
The use of AI in DDoS attacks would change the game for hackers and force security teams to overhaul existing defenses
Cyber criminals are increasingly relying on AI chatbots and automation tools to wage devastating DDoS attacks, according to analysis from Netscout.
Research as part of a multi-series report on the DDoS-for-hire landscape, first published in December 2024, highlighted a “three-year transformation” in this area of the cyber crime ecosystem as a result of automation.
In a recent follow-up blog post, Richard Hummel, director of threat intelligence at NetScout, said this has already “democratized sophisticated cyber attacks” by giving threat actors easier access to an array of powerful tools.
“The services evolved from simple point-and-click interfaces to automated platforms featuring API integration, reconnaissance tools, and adaptive attack capabilities,” Hummel noted.
Now, the company has warned that the influx of AI assistants and chatbots represents the next step in the evolutionary path for DDoS attackers - and it’s a problem many organizations are completely oblivious to.
“The DDoS-for-hire ecosystem already has embraced automation extensively,” Hummel wrote.
“NETSCOUT’s research revealed services offering automated attack scheduling, real-time parameter adjustment, and sustained campaign management with minimal human oversight.”
Platforms used by hackers are now capable of executing “multi-vector attacks” that are able to adapt to and circumvent defensive countermeasures, Hummel noted, and enable them to wage “carpet-bombing attacks across entire subnets”.
With the addition of AI assistants, threat actors may be able to take things up a notch, transforming capabilities from “automated to truly intelligent”.
For example, he suggested that rather than users being forced to understand attack vectors or network protocols, they can use AI assistants to detail their objectives and plans using natural language prompts.
“I want to take down my competitor’s website during their Black Friday sale,” Hummel cited as an example prompt. Thereafter, researchers noted that the AI assistant could hypothetically conduct target reconnaissance and vulnerability assessments.
AI tools could also be used for “optimal timing selection” to ensure an attack hits a target organization when it’s most vulnerable.
AI will further democratize DDoS-for-hire
Hummel warned that the influx of AI assistants in this cyber criminal domain will likely have a democratizing effect, enabling lower-level hackers and those without the technical expertise to wage highly effective attacks.
DDoS-for-hire services have already lowered the bar in this regard, researchers noted, but adding conversational AI tools would “eliminate remaining barriers entirely”.
There have been notable examples of threat actors using AI tools to ramp up operations. Earlier this year, research from Abnormal Security showed hackers were using a chatbot dubbed ‘GhostGPT’ to help write malware.
Other ‘Hackbot as a Service’ offerings, such as WormGPT, were already on the scene in 2023 offering subscription services for hackers to help write phishing emails and conduct business email compromise (BEC) attacks.
What this means for defenders
The evolution of the DDoS-for-hire landscape means enterprises across a range of industries could be facing a looming onslaught of attacks, Hummel warned.
“Organizations must recognize that traditional DDoS defenses designed for predictable, signature-based attacks will prove inadequate against AI-coordinated campaigns,” he wrote.
“AI-enhanced attacks could analyze defensive responses in real time, identify rate-limiting thresholds, mimic legitimate traffic patterns, and coordinate multi-vector attacks that evolve faster than human defenders can respond.”
With this in mind, Hummel said security teams will be forced to update defensive strategies – and it’s something they should be preparing for ahead of the first wave of confirmed AI-based attacks.
Naturally, fighting AI with AI in this instance will likely be the go-to approach for many security teams.
Hummel specifically highlighted machine learning-based detection and response systems as a key tool in the armory for cyber practitioners here, largely due to the speed advantage that they will provide teams responding to incidents.
Teams will also have to “rethink incident response” and improve threat intelligence sharing across the cybersecurity community to raise awareness of potential risks or incidents.
“Traditional playbooks assuming human-speed attacks must be replaced with autonomous response capabilities that can adapt at machine speed,” Hummel noted.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- DDoS attackers are pouncing on unpatched vulnerabilities
- How to recover from a DDoS attack – and what they can teach businesses
- Application layer DDoS attacks are skyrocketing – here's why
-
Tomorrow's fraud techniquesITPro Podcast Leaders need to proactive as attackers launch more consistent, sophisticated attacks
-
Met Office hails huge efficiency gains in first year of cloud supercomputing with Microsoft AzureNews In moving to the cloud, the Met Office has bolstered operational resilience and helped to deliver more accurate forecasts
-
CrowdStrike says AI is officially supercharging cyber attacks: Average breakout times hit just 29 minutes in 2025, 65% faster than in 2024 – and some attacks take just secondsNews Cyber criminals are actively exploiting AI systems and injecting malicious prompts into legitimate generative AI tools
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Harnessing AI to secure the future of identityIndustry Insights Channel partners must lead on securing AI identities through governance and support
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
-
AI is “forcing a fundamental shift” in data privacy and governanceNews Organizations are working to define and establish the governance structures they need to manage AI responsibly at scale – and budgets are going up
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
-
Supply chain and AI security in the spotlight for cyber leaders in 2026News Organizations are sharpening their focus on supply chain security and shoring up AI systems
