DDoS Attacks Surge During Milano Cortina 2026 Winter Games

The Milano Cortina 2026 Winter Games became a lightning rod for distributed denial‑of‑service activity, with Italian networks recording a 181 % jump in attack volume compared with the 2025 baseline. From February 6 to February 23, the daily onslaught surged to six‑to‑ten times historic levels, culminating in more than 2,200 separate attacks on the final day of competition. This pattern mirrors previous spikes seen during the Olympics and World Cup, confirming that global sporting spectacles present a predictable window for cyber‑threat actors. The surge also strained emergency communication channels, prompting temporary service outages.

Unlike the pre‑event phase, which was dominated by high‑bandwidth assaults, the Games saw a tactical pivot toward high‑throughput UDP flooding, accounting for 85 % of all incidents. The hacktivist collective NoName057(16) claimed responsibility, deploying the DDoSia platform alongside the Aisuru IoT botnet to amplify traffic. By hijacking thousands of insecure smart devices, attackers generated sustained packet bursts that overwhelmed hotel reservation systems, ski‑lift controls, consular portals, and even defense installations, exposing the fragility of legacy network defenses under sustained pressure. These vectors exploited default credentials, highlighting the persistent risk of poorly secured IoT deployments.

For organizers and infrastructure providers, the Milano Cortina surge underscores the need for proactive mitigation strategies. Real‑time traffic scrubbing, diversified routing, and mandatory IoT security hygiene can blunt the impact of UDP‑based floods. Moreover, intelligence sharing between governments, ISPs, and event sponsors can accelerate attribution and response. As the calendar fills with high‑profile gatherings—from the 2028 Los Angeles Olympics to major trade shows—anticipating DDoS spikes will become a core component of cyber‑risk management. Stakeholders are now investing in AI‑driven anomaly detection to pre‑emptively flag malicious traffic spikes.