Gcore Report Reveals Surge in DDoS Attacks, Marking a New Era of Scale and Sophistication A recent Gcore Radar report covering Q3–Q4 2025 highlights a dramatic escalation in DDoS attack activity, with volumes, frequency, and tactical complexity reaching unprecedented levels. The findings, released by Luxembourg-based infrastructure provider Gcore on March 24, 2026, underscore a shifting threat landscape driven by automation, expanded botnet infrastructure, and geopolitical instability. Key Trends in DDoS Attacks The total number of attacks surged to 1.3 million in Q4 2025, more than doubling the 512,000 recorded in the same period of 2024. Peak attack volumes skyrocketed to 12 Tbps, a sixfold increase from the previous high of 2.2 Tbps, reflecting the growing firepower of modern botnets. While 75% of network-layer attacks lasted under one minute indicating a rise in short, high-intensity bursts application-layer attacks trended longer, with 64% exceeding 10 minutes. This divergence suggests attackers are tailoring tactics to exploit vulnerabilities in both infrastructure and application defenses. Targeted Sectors and Geographic Hotspots Technology firms bore the brunt of attacks, accounting for 34% of incidents, followed by financial services (20%) and gaming (19%). These sectors were prioritized due to their reliance on real-time service availability, where disruptions yield immediate financial or operational consequences. Geographically, Latin America emerged as a dominant source of attack traffic, with Mexico (31%) and Brazil (24%) leading network-layer activity. The U.S. remained a key player, contributing 20% of network-layer and 23% of application-layer attacks. The report attributes the regional concentration to the AISURU botnet, which disproportionately exploits vulnerable IoT devices in these areas. Drivers Behind the Surge Gcore identified several structural factors fueling the rise in DDoS attacks: - Broader access to attack tools, lowering the barrier to entry for cybercriminals. - Expansion of insecure IoT ecosystems, providing attackers with larger botnet resources. - Geopolitical and economic instability, creating opportunities for disruption. - Increasing sophistication of attack techniques, including automation for large-scale campaigns. Network-Layer Attacks Dominate Network-layer attacks comprised 82% of all incidents, a 20% increase from prior periods. Their prevalence stems from cost-effectiveness and ease of execution, making them a preferred method for attackers seeking rapid disruption. Meanwhile, application-layer attacks evolved to include automated scraping, account takeovers, and workflow manipulation, signaling a shift toward more targeted, business-impact-driven strategies. The report concludes that mitigation strategies must adapt, emphasizing the need for globally distributed defense infrastructure to neutralize threats closer to their source particularly in regions like Latin America, where attack origination outpaces traditional traffic demand.