Gcore, the infrastructure and software provider for AI, cloud, network and security solutions, has announced the findings of its Q3-Q4 2025 Gcore Radar report DDoS attack trends. The report reveals growing attack volumes, increasingly sophisticated tactics, and changes in attack locations driven by evolving botnet infrastructure.

The DDoS attack landscape is at a clear inflection point: threats are not just growing; they are accelerating and diversifying. To prevent disruption, businesses must act quickly and adopt integrated solutions capable of detecting intent, analysing behaviour, and responding to threats across multiple attack surfaces.

Key insights from Q3-Q4 2025

• Total number of attacks grew to 1300K in Q4 2025 from 512K in Q4 2024, reinforcing the view that DDoS activity is entering a new phase of scale and frequency
• Attack volumes surged to 12 Tbps in Q4, representing a sixfold increase and highlighting unprecedented growth in attack capabilities.
• 75 per cent of network-layer attacks lasted less than one minute, while application-layer attacks showed a shift toward longer durations
• Technology remains the most targeted sector, accounting for 34 per cent of attacks, followed by financial services (20 per cent) and gaming (19 per cent).
• Geographic patterns show a strong concentration of attack sources in Latin America, with Mexico and Brazil together accounting for 55 per cent of observed activity.

Andrey Slastenov, Head of Security, Gcore, commented: ‘‘The latest Radar report is a call to action for business across industries. Attacks are becoming more frequent and more sophisticated because organising them is now cheaper and easier than ever. Businesses and organisations that previously felt unaffected are now being targeted. Effective protection strategies do exist, but understanding what is happening and being prepared has never been more important.’’

New drivers of DDoS attack growth and intensity

DDoS attack volumes and scale have reached new levels, with the sixfold increase from 2.2 Tbps to 12 Tbps, reflecting the rapid escalation of attack capabilities. Several structural factors are causing DDoS attack numbers to grow:

• Broader access to attack tools
• Expansion of insecure IoT ecosystems
• Geopolitical and economic instability
• Increasing sophistication of attack techniques

Network-layer attacks continue to increase

Network-layer attacks accounted for 82 per cent of all observed incidents in the current period, a significant 20 per cent increase from the last report. This surge reflects the economics of cybercrime: network-layer attacks are cheaper and easier to execute, making them an attractive option for attackers who simply want to cause disruption.

Recent data reveals shifts in attack duration and sophistication

Network-layer DDoS attacks became noticeably shorter in duration, with most attacks (75 per cent) lasting less than one minute. Only 2 per cent of attacks extended beyond ten minutes, indicating a continued shift toward highly intense, short-lived bursts designed to overwhelm targets quickly before mitigation measures fully engage. At the same time, application-layer DDoS attacks followed an opposite trajectory, with medium-duration attacks becoming significantly more common as 64 per cent of attacks exceeded 10 minutes.

Attackers also increasingly relied on automation to execute large-scale campaigns. This shift reflects a broader transition from opportunistic abuse toward more deliberate, business-impact-focused attacks, including account takeover attempts, scraping, and direct manipulation of application workflows.

Attackers target digitally intensive sectors for maximum disruption

Attacks concentrated around several key sectors, including technology (34 per cent), financial services (20 per cent), and gaming (19 per cent). These sectors are favoured targets because service availability is critical, and disruption can generate immediate operational or financial impact. The continued growth of attacks targeting the technology sector reflects its foundational role in today’s digital economy. As digital ecosystems become increasingly interconnected and cloud-dependent, attackers appear to prioritise infrastructure-layer targets capable of generating the broadest possible disruption.

The Americas dominate geographical distribution of attack sources

The geographic distribution of attack sources shows a strong concentration in the Americas, with Mexico accounting for 31% of network-layer observed traffic, followed by Brazil (24 per cent) and the US (20 per cent). The US remains prevalent for application layer attacks as well, at 23 per cent representation. The likely culprit for the American dominance of network-layer attacks is the AISURU botnet, which disproportionately affects networks and device ecosystems in these countries.

In today’s sophisticated attack environment, the data reveals why it’s critical to mitigate attacks as close to their source as possible, rather than near the target, noted Gcore. Effective protection requires globally distributed capacity, not only in regions with high traffic demand, but also in regions that are frequent sources of attack activity – which are often not the same.

Other posts by :

1. AST SpaceMobile updates on financials, launches
2. Amazon Leo, Starlink remain at loggerheads
3. AI: Anxious Intelligence
4. Reliance eyes LEO constellation
5. Ted Turner: Another giant sleeps
6. Orbex was losing £2m per month
7. McKinsey: ‘Star Wars Day’ sees Aerospace at an Inflection point
8. US spectrum shuffle could earn SES billions
9. FAA plans to tax rocket launches

Categories: Articles, Broadband, Research

Tags: ddos, gcore