Q1-Q2 2025 The latest GCore radar report, which analyzes the attack figures, reveals a 41% year-to-year increase in the total amount of attack. Crossing the 2 TBPS records at the end of 2024, the biggest attack reached 2.2 TBPS. Technology now pursues gaming as the most attacking sector, while the financial service industry continues to face increased risks.
Key takeaways: developed DDOS landscape
Here are five major insights from Q1 -Q2 2025 GCore radar report:
- Attack volumes are growing. Total attacks climbed H2 2024 to 969,000 to 1.17 million H1 in 2025, an increase of 21% in the previous two quarters and 41% yoy development.
- The size of the attack keeps increasing. The 2.2 TBPS summit attacks the growing scale and destructive capacity of modern DDOS campaigns.
- The attacks are becoming long and more sophisticated. The extended period and multi -level strategy allows the danger actors to bypass the rescue and maximize dissolution.
- Targeted industries are transferred. The technology overtakes gaming as the top target, while financial services are being rapidly targeted.
- Application-layer attacks are increasing. Multi-vector assaults targeting web applications and APIs are now 38% of the total attacks, which is above 28% in Q3-Q4 2024.
The frequency of DDOS attack has increased
The GCore radar highlights a constant upwards in the radar DDOS activity. Compared to H2 2024, the amount of attack increased 21%While Yoy Vikas reached 41%Underlining the trend of a long -term growth. Many factors contribute to this growth:
- Accessible attack equipment: Cheap DDOS-for-Hare Services strengthens more danger actors.
- Weak IOT device: Unsecured devices are largely kidnapped into boatnets, increasing the versions of the attack.
- Land -political and economic stress: Global instability runs more frequent and targeted attacks.
- Advanced attack technique: Multi-vector and application-layer attacks increase both complexity and impact.
The biggest attack reached 2.2 TBPS
Q1 -Q2 Extreme Attack Hit in 2025 2.2 TBPSAt the end of 2 TBPS attacks of 2024. While the attacks of more than 1 TBPS are rare, their frequency is increasing, highlighting the increasing ambition of the attackers that overwhelms networks, applications and services. Even small attacks may disable unprotected systems.
Targeted industries are shifting
technology Now represents 30% of all DDOS attacksOvertaking Gaming (19%). The provider of mother-in-law, e-commerce, gaming and financial customers are particularly weak, as a single attack can trigger ripple effects in many dependent businesses.
financial Services Account for 21% attacks. Banks and payment systems are the major targets due to high disruption capacity, regulatory sensitivity and ransomware risk.
Gambling Continues important threats, but better defense and strategic attacker changes reduced their stake in H1 2024 to 34% by 34%. Major drivers of ongoing attacks include competitive benefits and revenue effects.
Telecommunication Now 13% attack, which shows their role as important internet infrastructure.
Media, entertainment and retail See more medium attack levels, retail at 10% with media and 5-6%.
Attack period and strategy
Recent data shows Long, more continuous attacksAttacks of less than 10 minutes decreased by about 33%, while the 10–30 minutes of attacks were almost quadrupled. The maximum attack period has decreased from five hours to three, indicating a attention Focused, high impact campaign,
Small burst is preferred. Despite receiving prolonged attacks, brief attacks remain highly disruptive, develop automated rescue and often serve as smokscrains for multi-stage cyber attack.
Invasion vector
In terms of network-layer attack vectors, UDP flood attacks are prominent, accounting for 56%of network-layer attacks, followed by SIN Flood (17%), TCP floods (10%), ACK floods (8%), and ICMP (6%). Multi-sector approaches allow attackers to mask malicious activity as legitimate traffic.
A flood attack Continue growing, now making 8% of the network-layer traffic, which highlighted their ability to detect.
Application-layer attack vector
L7 UDP dominates floods (62%), followed by L7 TCP floods (33%), with 5%types of other attacks. The attackers rapidly exploit business logic and APIs to disrupt operation beyond traditional network surcharge.
Geographical trends
United States and Netherlands Stay the top source for network-layer attacks. Hong Kong Emerges as a new important source, contributing 17% of network-layer and 10% application-layer attacks.
These reveal the need for conclusions Active, geographically conscious rescue,
Multi -level attacks reveal the important role of waap
The attackers are rapidly targeting web applications and APIs, exploiting inventory systems, payment flows and customer interaction points. These attacks often combine volumetric disruption with manipulation of economic logic, affecting areas such as e-commerce, logistics, online banking and public services.
GCore DDOS Safety: Defense against developed dangers
GCore DDOS takes advantage of conservation 200+ TBPS Filting Capacity across 210+ pop worldwideReal time neutralizing attacks. Integrated Web application and API Protection (WAAP) DDOS mitigation, BOT management and API add to security to protect important property while maintaining performance.
Download the full report.
