Q1 – Q2 The latest GCORE Radar Report, which analyzes attack data for 2025, reveals a 41% increase in total attack volume. The biggest attack peaked at 2.2 Tbps, surpassing 2 Tbps records in the second half of 2024. Attacks are refined not only by scale, but also by longer periods, multi-tier strategies, and changing target industries. Technology is currently overtaking the game as the most attacked sector, but the financial services industry continues to face increased risk.
Key Takeout: The Evolving DDOS Scene
Q1 – Q2 2025 Here are five important insights from the GCORE Radar Report:
The attack volume is increasing. The total attack rose from 969,000 in H2 2024 to 117 million in H1, 2025, up 21% over the past two quarters and 41% year-on-year. The attack size continues to grow. 2.2 The peak attack on TBP shows the increase in scale and destructive potential of modern DDO campaigns. The attack is longer and more refined. Longer and multi-layered tactics allow threat actors to bypass defenses and maximize disruption. The target industries are changing. Technology has overtaken gaming as its top goal, and financial services are becoming increasingly targeted. Application layer attacks are on the rise. Multi-vector attacks targeting web applications and APIs account for 38% of total attacks, up from 28% in Q3-Q4 2024.
DDOS attack frequency has increased rapidly
The GCORE radar highlights the continuous upward trajectory of DDOS activity. Compared to H2 2024, the volume of attacks increased by 21%, but year-on-year growth reached 41%, highlighting the long-term escalation trend. Several factors have contributed to this rise:
Accessible Attack Tool: Inexpensive ddos-for-hire services empower more threat actors. Vulnerable IoT devices: Unsecured devices are hijacked by large botnets to amplify attack volumes. Geopolitical and economic tensions: Global instability promotes more frequent and targeted attacks. Advanced Attack Techniques: Multi-vector and application layer attacks increase both complexity and shock.
The biggest attack reached 2.2 Tbps
Q1 – Q2 The peak attack in 2025 hit 2.2 TBPS, surpassing the two TBPS attacks in the second half of 2024. Attacks above one TBP remain rare, but their frequency is rising, highlighting the growing ambitions of attackers overwhelming networks, applications, and services. Even small attacks can neutralize unprotected systems.
Targeted industries are changing
Technology currently accounts for 30% of all DDO attacks, overtaking the game (19%). Hosting providers that support SaaS, e-commerce, gaming, and financial clients are particularly vulnerable as a single attack can cause ripple effects in multiple dependent businesses.
Financial services account for 21% of attacks. Banking and payment systems are key targets due to high potential for confusion, regulatory sensitivity, and ransomware risk.
While the game continues to face serious threats, improvements in the shift of defense and strategic attackers have decreased from 34% in H2 2024 to 19% in H1 2025.
Telecommunications currently accounts for 13% of attacks, reflecting its role as a critical Internet infrastructure.
Media, entertainment and retailers have a more moderate attack level, with media at 10% and retailers at 5-6%.
Attack period and tactics
Recent data shows a shift towards longer and more sustained assault. Attacks under 10 minutes fell by about 33%, while attacks from 10-30 minutes fell almost a quarter. The maximum attack duration has been slightly reduced from 5 hours to 3 hours, focusing on a focused shock campaign.
Short bursts remain desirable. Despite the longer attacks gaining prevalence, short attacks remain extremely destructive, evading automated defenses and often serves as smokescreens for multi-stage cyberattacks.
Attack vector
In terms of network layer attack vectors, UDP flood attacks remain dominant, accounting for 56% of network layer attacks, followed by SYN floods (17%), TCP floods (10%), ACK floods (8%), and ICMP (6%). A multi-vector approach allows attackers to mask malicious activity as legal traffic.
ACK flood attacks continue to increase, and now account for 8% of network layer traffic, highlighting their ability to bypass detection.
Application Layer Attack Vector
L7 UDP floods dominated (62%) followed by L7 TCP floods (33%) with other attack types at 5%. Attackers are increasingly leveraging business logic and APIs to disrupt operations beyond traditional network overload.
Geographical trends
The US and the Netherlands remain the biggest sources of network layer attacks. Hong Kong has emerged as a new important source, contributing to 17% of the network layer and 10% of application layer attacks.
These findings highlight the need for proactive and geographically aware defenses.
Multi-layered attacks highlight the key role of WAAP
Attackers are increasingly targeting web applications and APIs, leveraging inventory systems, payment flows, and customer interaction points. These attacks often combine volumetric disruption and manipulation of economic logic to affect sectors such as e-commerce, logistics, online banking, and public services.
GCORE DDOS Protection: Defense Against Evolving Threats
GCORE DDOS protection leverages over 200 TBPS filtering capacity with over 210 pops around the world to neutralize attacks in real time. Integrated Web Applications and API Protection (WAAP) combines DDOS mitigation, bot management, and API security to protect critical assets while maintaining performance.
Download the full report.
Source link
