TL;DR: Sustained internet demand, higher DNS noise, and longer, more automated DDoS activity defined the end of 2025, with attackers increasingly using prolonged pressure rather than brief spikes to stress infrastructure, according to DigiCert. That shifts resilience from burst handling to continuous operations across DNS, network, and application layers.
NHIMG editorial — based on content published by DigiCert: Q4 2025 RADAR Threat Intelligence Brief
Questions worth separating out
Q: How should security teams defend against sustained DDoS pressure instead of short spikes?
A: Security teams should design for prolonged saturation, not just burst absorption.
Q: Why do sustained DNS anomalies matter for IAM and trust services?
A: DNS anomalies matter because authentication, certificate validation, and service discovery depend on reliable name resolution.
Q: What do security teams get wrong about low-and-slow application probing?
A: They often focus on volume thresholds and miss the value of repeated, small tests.
Practitioner guidance
- Harden DNS monitoring for persistent abuse: Track NXDOMAIN spikes, automated lookup failures, and repeated scanning as steady-state indicators, not just incident spikes.
- Test long-duration DDoS playbooks: Run exercises that last long enough to stress staffing, escalation, and mitigation handoffs.
- Tune application-layer detection for low-and-slow probing: Look for repeated cookie manipulation, small request variations, and sustained request patterns that test application behaviour over time.
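One way to treat NXDOMAIN activity as a steady-state indicator, as the first point above suggests, is to separate short bursts from prolonged elevation. This is an added example, not taken from DigiCert's report or this post; the `epoch qname rcode` log format, the thresholds, and the sample data are assumptions.

```python
from collections import defaultdict

WINDOW = 60          # seconds per bucket (assumed)
RATIO_LIMIT = 0.30   # NXDOMAIN share treated as elevated (assumed; tune to your baseline)
SUSTAINED = 5        # consecutive elevated windows that count as sustained (assumed)
MIN_QUERIES = 10     # skip windows too small to give a meaningful ratio
BASE = 1_700_000_040 # constructed start time, aligned to a window boundary

def nxdomain_ratios(lines):
    """Bucket 'epoch qname rcode' lines into windows -> {window_start: NXDOMAIN ratio}."""
    total, nx = defaultdict(int), defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines rather than abort the run
        bucket = int(parts[0]) // WINDOW * WINDOW
        total[bucket] += 1
        nx[bucket] += parts[2] == "NXDOMAIN"
    return {b: nx[b] / total[b] for b in sorted(total) if total[b] >= MIN_QUERIES}

def classify_runs(ratios):
    """Return (start, end, kind) per run of back-to-back elevated windows."""
    runs, start, last = [], None, None
    def close():
        length = (last - start) // WINDOW + 1
        runs.append((start, last, "sustained" if length >= SUSTAINED else "spike"))
    for bucket, ratio in ratios.items():
        elevated = ratio > RATIO_LIMIT
        if start is not None and (not elevated or bucket - last != WINDOW):
            close()  # a quiet or missing window ends the current run
            start = None
        if elevated:
            start = bucket if start is None else start
            last = bucket
    if start is not None:
        close()
    return runs

def sample_log():
    """Constructed data: 12 minutes of 20 queries; a 1-minute burst and a 6-minute plateau."""
    nx_per_min = [1, 10, 1, 1, 8, 8, 8, 8, 8, 8, 1, 1]
    lines = []
    for m, nx in enumerate(nx_per_min):
        for q in range(20):
            rcode = "NXDOMAIN" if q < nx else "NOERROR"
            lines.append(f"{BASE + m * 60 + q} host{q}.example.test {rcode}")
    return lines

if __name__ == "__main__":
    print(classify_runs(nxdomain_ratios(sample_log())))
```

The plateau never exceeds the burst's peak ratio, so a peak-only alert would rank it lower even though it lasts six times as long.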
What's in the full analysis
DigiCert's full report covers the operational detail this post intentionally leaves for the source:
- Quarter-by-quarter DNS and application telemetry that shows how sustained load evolved across Q4.
- The underlying network-event analysis used to distinguish traffic growth from hostile probing.
- Examples of attack patterns observed across DNS, UltraDDoS Protect, and UltraWAF.
- The vendor's supporting discussion of Aisuru and Kimwolf botnet pressure.