Gcore: Gcore Radar report reveals 150% surge in DDoS attacks year-on-year

Gcore Report Reveals Surge in DDoS Attacks, Marking a New Era of Scale and Sophistication

A recent Gcore Radar report covering Q3–Q4 2025 highlights a dramatic escalation in DDoS attack activity, with volumes, frequency, and tactical complexity reaching unprecedented levels. The findings, released by the Luxembourg-based infrastructure and security provider, underscore a shifting threat landscape driven by automation, expanded botnet infrastructure, and evolving attacker motivations.

Key Trends in Q3–Q4 2025
The total number of DDoS attacks surged to 1.3 million in Q4 2025, more than doubling the 512,000 recorded in the same period of 2024. Peak attack volumes reached 12 Tbps, a sixfold increase from the previous high of 2.2 Tbps, signaling a rapid expansion in attacker capabilities. While 75% of network-layer attacks lasted under one minute reflecting a preference for short, high-intensity bursts application-layer attacks grew longer, with 64% exceeding 10 minutes. This divergence suggests attackers are tailoring tactics to exploit vulnerabilities at different layers, often leveraging automation to maximize disruption.

Sector and Geographic Targeting
The technology sector bore the brunt of attacks (34%), followed by financial services (20%) and gaming (19%). These industries were prioritized due to their reliance on real-time digital services, where downtime translates to immediate financial or operational losses. Geographically, Latin America emerged as a hotspot for attack origins, with Mexico (31%) and Brazil (24%) accounting for over half of observed network-layer traffic. The U.S. remained a dominant source for application-layer attacks (23%), with the AISURU botnet identified as a key driver of regional activity. The report notes that attack sources often diverge from target locations, emphasizing the need for mitigation strategies that address threats at their origin.

Drivers Behind the Surge
Gcore attributes the spike in DDoS activity to several structural factors:

Broader access to attack tools, lowering the barrier to entry for cybercriminals.
Expansion of insecure IoT ecosystems, providing attackers with larger botnet resources.
Geopolitical and economic instability, fueling opportunistic and targeted campaigns.
Increasing sophistication of attack techniques, including automation and multi-vector strategies.

Network-Layer Attacks Dominate
Network-layer attacks comprised 82% of all incidents, a 20% increase from prior periods. Their prevalence stems from cost-effectiveness and ease of execution, making them a favored method for disruption-focused campaigns. Meanwhile, application-layer attacks evolved to include account takeovers, scraping, and workflow manipulation, indicating a shift toward more deliberate, business-impact-driven tactics.

The report concludes that the DDoS threat landscape has entered a phase of accelerated diversification, with attackers leveraging automation and global botnet infrastructure to launch larger, more targeted campaigns. The findings serve as a benchmark for the evolving risks facing digitally dependent sectors.

Source: https://gbhackers.com/gcore-radar-report-reveals-150-surge-in-ddos-attacks-year-on-year/

GCORE cybersecurity rating report: https://www.rankiteo.com/company/gcore

"id": "GCO1774347825",
"linkid": "gcore",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'industry': 'Technology', 'type': 'Sector'},
                       {'industry': 'Financial Services', 'type': 'Sector'},
                       {'industry': 'Gaming', 'type': 'Sector'}],
 'attack_vector': ['Network-layer', 'Application-layer'],
 'date_detected': '2025-Q3',
 'description': 'A recent Gcore Radar report covering Q3–Q4 2025 highlights a '
                'dramatic escalation in DDoS attack activity, with volumes, '
                'frequency, and tactical complexity reaching unprecedented '
                'levels. The findings underscore a shifting threat landscape '
                'driven by automation, expanded botnet infrastructure, and '
                'evolving attacker motivations.',
 'impact': {'operational_impact': 'Immediate financial or operational losses '
                                  'due to downtime'},
 'lessons_learned': 'The DDoS threat landscape has entered a phase of '
                    'accelerated diversification, with attackers leveraging '
                    'automation and global botnet infrastructure to launch '
                    'larger, more targeted campaigns.',
 'motivation': ['Disruption',
                'Financial gain',
                'Geopolitical',
                'Opportunistic'],
 'post_incident_analysis': {'root_causes': ['Broader access to attack tools',
                                            'Expansion of insecure IoT '
                                            'ecosystems',
                                            'Geopolitical and economic '
                                            'instability',
                                            'Increasing sophistication of '
                                            'attack techniques']},
 'recommendations': 'Mitigation strategies should address threats at their '
                    'origin, including enhanced monitoring, adaptive '
                    'behavioral WAF, and on-demand scrubbing services.',
 'references': [{'source': 'Gcore Radar Report Q3–Q4 2025'}],
 'title': 'Surge in DDoS Attacks in Q3–Q4 2025: New Era of Scale and '
          'Sophistication',
 'type': 'DDoS'}

Gcore: Gcore Radar report reveals 150% surge in DDoS attacks year-on-year

GitHub and OpenAI: A message from John Furrier, co-founder of SiliconANGLE:

Intesa Sanpaolo: Italy data protection agency fines Intesa Sanpaolo $36 mln over data breach

Sterling Seacrest Pritchard: Sterling Seacrest Pritchard email breach exposes data of over 7,400 individuals