Massive 1.33 Million-Device Botnet Drives Unprecedented DDoS Attacks Surge in Q1 2025

A record-breaking 1.33 million-device botnet has driven a 110% surge in DDoS attacks in Q1 2025, targeting fintech, e-commerce, and telecom sectors.

    A record-breaking botnet composed of 1.33 million internet-connected devices has been used to launch large-scale DDoS attacks, as global attack volumes continue to rise sharply. Security researchers say the size of the network rivals the population of small countries and highlights a growing threat stemming from outdated, unsecured devices—especially across developing nations.


    Botnet of Unprecedented Scale Targets Betting Sector

    On March 26, 2025, Qrator Labs identified a distributed denial of service (DDoS) attack powered by the largest botnet ever recorded. The attack, which lasted about 2.5 hours, targeted an undisclosed organization in the online betting industry.

    According to Qrator Labs' report, the botnet consisted of 1.33 million compromised devices—nearly six times larger than the biggest known botnet of 2024, which had 227,000 nodes.

    Over 51% of the devices were traced to Brazil. Other countries contributing significant botnet activity included Argentina (6.1%), Russia (4.6%), Iraq (3.2%), and Mexico (2.4%).


    Geo-blocking Proves Ineffective Against Dynamic Botnets

    Despite the heavy regional concentration, geo-blocking strategies remain unreliable. Botnet operators are often prepared to quickly rotate IP addresses and distribute attacks via alternate regions.

    “Such attacks might appear mitigatable through geographic filtering, but in practice, threat actors are capable of adjusting tactics rapidly,” Qrator Labs noted.


    Outdated Devices Form a Global Cyber Risk

    The size and persistence of this botnet are linked to millions of end-of-life devices still connected to the internet. Many of these devices, especially in developing countries, lack security updates and are easily compromised.

    Cheap Android devices from China with disabled security features or pre-installed malware further contribute to this issue. Qrator Labs describes this as a “perfect storm”—millions of high-bandwidth but unprotected endpoints forming the foundation for massive botnets.

    At present, security efforts have sinkholed approximately five million such devices globally. Brazil again ranks highest in the number of sinkholed endpoints.


    DDoS Attacks Double in Volume Year-over-Year

    The rise of botnets has directly fueled a sharp increase in DDoS attack activity:

    • Q1 2025 saw a 110% increase in attacks compared to Q1 2024.
    • In 2024, attack volumes were already 50% higher than in 2023.

    “This scale is unlike anything we’ve seen before,” said Andrey Leskin, CTO of Qrator Labs. “These massive botnets can deliver tens of millions of requests per second, quickly overwhelming systems that lack advanced mitigation.”


    Most-Targeted Sectors: IT, Fintech, and E-Commerce

    Network- and transport-layer (L3/L4) attacks are primarily hitting:

    • IT and telecom (26.8%)
    • Fintech (22.3%)
    • E-commerce (21.5%)

    At the application layer (L7), fintech remains the top target, accounting for 54% of attacks. E-commerce follows at 14.4%.

    In addition to denial-of-service attacks, automated botnet traffic is also being used for:

    • Credential brute-forcing
    • Metric manipulation
    • Data scraping
    • Abuse of APIs and endpoints

    The emergence of a 1.33 million-device botnet marks a critical shift in the threat landscape. With DDoS attacks rising steeply and targeting core sectors like fintech and IT, organizations must reassess their exposure—especially in light of growing threats from outdated and poorly secured devices worldwide.
