Gcore Report Reveals Surge in DDoS Attacks, Marking a New Era of Scale and Sophistication A recent Gcore Radar report covering Q3–Q4 2025 highlights a dramatic escalation in DDoS attack activity, with volumes, frequency, and tactical complexity reaching unprecedented levels. The findings, released by the Luxembourg-based infrastructure and security provider, underscore a shifting threat landscape driven by automation, expanded botnet infrastructure, and evolving attacker motivations. Key Trends in Q3–Q4 2025 The total number of DDoS attacks surged to 1.3 million in Q4 2025, more than doubling the 512,000 recorded in the same period of 2024. Peak attack volumes reached 12 Tbps, a sixfold increase from the previous high of 2.2 Tbps, signaling a rapid expansion in attacker capabilities. While 75% of network-layer attacks lasted under one minute reflecting a preference for short, high-intensity bursts application-layer attacks grew longer, with 64% exceeding 10 minutes. This divergence suggests attackers are tailoring tactics to exploit vulnerabilities at different layers, often leveraging automation to maximize disruption. Sector and Geographic Targeting The technology sector bore the brunt of attacks (34%), followed by financial services (20%) and gaming (19%). These industries were prioritized due to their reliance on real-time digital services, where downtime translates to immediate financial or operational losses. Geographically, Latin America emerged as a hotspot for attack origins, with Mexico (31%) and Brazil (24%) accounting for over half of observed network-layer traffic. The U.S. remained a dominant source for application-layer attacks (23%), with the AISURU botnet identified as a key driver of regional activity. The report notes that attack sources often diverge from target locations, emphasizing the need for mitigation strategies that address threats at their origin. Drivers Behind the Surge Gcore attributes the spike in DDoS activity to several structural factors: - Broader access to attack tools, lowering the barrier to entry for cybercriminals. - Expansion of insecure IoT ecosystems, providing attackers with larger botnet resources. - Geopolitical and economic instability, fueling opportunistic and targeted campaigns. - Increasing sophistication of attack techniques, including automation and multi-vector strategies. Network-Layer Attacks Dominate Network-layer attacks comprised 82% of all incidents, a 20% increase from prior periods. Their prevalence stems from cost-effectiveness and ease of execution, making them a favored method for disruption-focused campaigns. Meanwhile, application-layer attacks evolved to include account takeovers, scraping, and workflow manipulation, indicating a shift toward more deliberate, business-impact-driven tactics. The report concludes that the DDoS threat landscape has entered a phase of accelerated diversification, with attackers leveraging automation and global botnet infrastructure to launch larger, more targeted campaigns. The findings serve as a benchmark for the evolving risks facing digitally dependent sectors.