The latest Gcore Radar report, analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most attacked sector, while the financial services industry continues to face heightened risks.
Key takeaways: the evolving DDoS landscape
Here are 5 key insights from the Q1–Q2 2025 Gcore Radar report:
- Attack volumes are rising. Total attacks climbed from 969,000 in H2 2024 to 1.17 million in H1 2025, a 21% increase over the previous two quarters and 41% YoY growth.
- Attack size continues to grow. The peak attack of 2.2 Tbps demonstrates the growing scale and destructive potential of modern DDoS campaigns.
- Attacks are getting longer and more sophisticated. Extended durations and multi-layered tactics allow threat actors to bypass defenses and maximize disruption.
- The industries targeted are shifting. Technology overtakes gaming as the top target, while financial services is being increasingly targeted.
- Application-layer attacks are on the rise. Multi-vector attacks targeting web applications and APIs now account for 38% of total attacks, up from 28% in Q3–Q4 2024.
DDoS attack frequency has surged
Gcore Radar highlights a continued upward trajectory in DDoS activity. Compared to H2 2024, attack volumes rose 21%, while YoY growth reached 41%, underscoring a long-term escalation trend. Several factors contribute to this rise:
- Accessible attack tools: Cheap DDoS-for-hire services empower more threat actors.
- Vulnerable IoT devices: Unsecured devices are hijacked into large-scale botnets, amplifying attack volumes.
- Geopolitical and economic tensions: Global instability drives more frequent and targeted attacks.
- Advanced attack techniques: Multi-vector and application-layer attacks increase both complexity and impact.
The largest attack reached 2.2 Tbps
The peak attack in Q1–Q2 2025 hit 2.2 Tbps, surpassing late 2024’s 2 Tbps attack. While attacks exceeding 1 Tbps remain rare, their frequency is rising, highlighting attackers’ growing ambition to overwhelm networks, applications, and services. Even smaller attacks can incapacitate unprotected systems.
Industries targeted are shifting
Technology now represents 30% of all DDoS attacks, overtaking gaming (19%). Hosting providers supporting SaaS, e-commerce, gaming, and financial clients are particularly vulnerable, as a single attack can trigger ripple effects across multiple dependent businesses.
Financial services account for 21% of attacks. Banks and payment systems are prime targets due to high disruption potential, regulatory sensitivity, and ransomware risk.
Gaming continues to face significant threats, but improved defenses and strategic attacker shifts reduced its share from 34% in H2 2024 to 19% in H1 2025. Key drivers of ongoing attacks include competitive advantage and revenue impact.
Telecommunications now make up 13% of attacks, reflecting their role as critical internet infrastructure.
Media, entertainment, and retail see more moderate attack levels, with media at 10% and retail at 5–6%.
Attack duration and tactics
Recent data shows a shift toward longer, more sustained attacks. Attacks under 10 minutes decreased by roughly 33%, while 10–30 minute attacks nearly quadrupled. Maximum attack duration decreased slightly, from 5 hours to 3, indicating a focus on concentrated, high-impact campaigns.
Short bursts remain preferred. Despite longer attacks gaining prevalence, brief attacks remain highly disruptive, evading automated defenses and often serving as smokescreens for multi-stage cyberattacks.
Attack vectors
In terms of network-layer attack vectors, UDP flood attacks remain dominant, accounting for 56% of network-layer attacks, followed by SYN floods (17%), TCP floods (10%), ACK floods (8%), and ICMP (6%). Multi-vector approaches allow attackers to mask malicious activity as legitimate traffic.
ACK flood attacks continue to rise, now making up 8% of network-layer traffic, highlighting their potential to bypass detection.
Application-layer attack vectors
L7 UDP floods dominate (62%), followed by L7 TCP floods (33%), with other attack types at 5%. Attackers increasingly exploit business logic and APIs to disrupt operations beyond traditional network overload.
Geographical trends
The United States and the Netherlands remain top sources for network-layer attacks. Hong Kong emerges as a new significant source, contributing 17% of network-layer and 10% of application-layer attacks.
These findings highlight the need for proactive, geographically aware defenses.
Multi-layered attacks highlight the critical role of WAAP
Attackers are increasingly targeting web applications and APIs, exploiting inventory systems, payment flows, and customer interaction points. These attacks often combine volumetric disruption with manipulation of financial logic, affecting sectors such as e-commerce, logistics, online banking, and public services.
Gcore DDoS Protection: defending against evolving threats
Gcore DDoS Protection leverages 200+ Tbps filtering capacity across 210+ PoPs worldwide, neutralizing attacks in real time. Integrated Web Application and API Protection (WAAP) combines DDoS mitigation, bot management, and API security to protect critical assets while maintaining performance.