What is DDoS and why is it dangerous?
A DDoS (Distributed Denial of Service) attack is a form of cyberattack aimed at disrupting or halting the availability of online services such as websites, applications, or APIs. Hackers leverage massive traffic volumes from multiple sources (botnets) to overload the target server, rendering it incapable of serving legitimate users.
Common targeted layers:
- Layer 3–4 (Network & Transport): Attackers use spoofed IP/TCP/UDP packets to overwhelm bandwidth and connections.
- Layer 7 (Application): Attackers flood websites, APIs, or DNS services with requests, exhausting CPU, RAM, and databases and quickly rendering systems inoperative.
Why DDoS is particularly dangerous:
- Low cost, easy to launch via “DDoS-for-hire” services.
- Major financial impact: downtime leads to revenue loss, reputational damage, and high recovery costs.
- Hard to detect and mitigate due to botnets, spoofed IPs, and multi-vector approaches.
- Often a precursor to deeper attacks such as data breaches or malware injection.
Overview of the first half of 2025
- 256,000 DDoS attacks in Vietnam: This figure rose by 87,000 compared to the same period in 2024 (+51%), averaging 42,700 attacks per month. The surge reflects a rising attack frequency that poses significant challenges to enterprise IT infrastructure.
- 1.2 Tbps – the largest recorded attack: Massive traffic generated from global botnets demonstrates the strength of cybercriminal networks. At this scale, most enterprise infrastructures can be taken offline within minutes without dedicated defenses.
- Protocol attacks account for 32% of the total: 59,572 such attacks were recorded, primarily exploiting vulnerabilities in network protocols or system resources. These attacks deplete CPU, memory, and server connections without requiring large bandwidth, making them highly disruptive and difficult to counter.
- The financial sector remains the No.1 target at 34%: Due to heavy reliance on uninterrupted online transactions and high-value operations, financial and securities institutions are prime targets for DDoS campaigns, with significant risks of service disruption and loss of investor trust.
Compared with global trends, the volume of attacks in Vietnam shows irregular fluctuations month by month, indicating constant experimentation and vector shifting by attackers.

Emerging trends: AI-driven DDoS and ransom attacks
One of the most notable findings is the sharp increase in AI-powered DDoS attacks. In the first half of 2025:
- 46% of total DDoS incidents in Vietnam (over 117,000 attacks) involved AI.
- AI enables attackers to automatically change vectors, mimic legitimate user behavior, optimize botnets, and sustain prolonged pressure—making traditional defenses ineffective.
Additionally, Ransom DDoS (RDoS) incidents spiked. In Q1/2025, nearly 15,000 cases were reported—3.7 times higher than the same period in 2024—demonstrating how hackers exploit periods when businesses are highly dependent on digital infrastructure to demand ransom payments.

Case study: Securities firm suffers losses of over 200 billion VND
A major securities firm in Vietnam was targeted by a massive DDoS attack, peaking at 1.2 Tbps and over 720,000 RPS.
- Within just 4 hours of downtime, the company lost an estimated 200 billion VND in transaction fees.
- More than 86% of trading orders were disrupted or delayed, severely affecting market liquidity and investor confidence.
After integrating the VNIS solution, the system was restored within 5 minutes, blocking 99.997% of malicious traffic while preserving legitimate transactions.
Forecast and recommendations for enterprises
The report highlights key warnings for the second half of 2025:
- Attacks are projected to rise by 32%, especially during IPOs, promotions, or peak consumer events.
- Attacks exceeding 1 Tbps will become commonplace rather than rare scenarios.
- Targeting of APIs and payment systems will continue to increase, directly threatening core services.
Recommendations for enterprises:
- Implement real-time traffic monitoring (SOC/IDS) and conduct regular incident response drills.
- Integrate DDoS into strategic risk management rather than treating it as merely a technical concern.
- Invest in multi-layer DDoS protection (Layer 3/4/7), with additional DNS and API safeguards such as multi-DNS, API Gateways, and strong authentication.
- Adopt multi-cloud and multi-region strategies to avoid single points of failure.
To proactively protect digital infrastructure, maintain service continuity, and safeguard brand reputation, enterprises need a comprehensive cybersecurity solution. VNIS – the Web/App/API security platform from VNETWORK is built to meet this demand, offering large-scale infrastructure, advanced defense technologies, and a dedicated team of experts on standby. This foundation allows enterprises to focus on growth while VNIS ensures the safety of systems and brand.
Contact VNETWORK for consultation:
- Website: vnetwork.vn
- Email: contact@vnetwork.vn
- Hotline: +84 (28) 7306 8789