DDoS attacks are rising at an alarming pace in both scale and sophistication, according to Gcore’s newly released Radar report for the first half of 2025. The global edge AI, cloud, and security provider found that distributed denial-of-service attack volumes increased by 41% compared with the same period in 2024, with the largest single incident reaching 2.2 terabits per second (Tbps), surpassing the 2 Tbps peak observed late last year.
The findings highlight a rapidly evolving threat landscape where cybercriminals are combining brute-force network flooding with targeted application-layer manipulation. This dual approach makes detection and mitigation significantly more difficult, raising the stakes for enterprises across industries. “The latest Gcore Radar should be a wake-up call to businesses across all industries,” said Andrey Slastenov, Head of Security at Gcore. “To avoid the financial and reputational fallout of these attacks, organizations must prioritize investments in DDoS detection, mitigation, and prevention.”
A notable trend in early 2025 is the shift toward longer, more persistent attacks. While extremely brief, high-intensity DDoS events dominated headlines in prior years, Gcore observed that assaults lasting 10 to 30 minutes nearly doubled, while sub-10-minute attacks declined by roughly 33%. This suggests attackers are adapting to automated defensive systems, which often neutralize shorter bursts. By extending attack durations, threat actors are testing infrastructure resilience and maximizing disruption.
Multi-vector attacks are also gaining traction, with malicious activity increasingly hidden within legitimate-looking traffic. This tactic not only prolongs the window for potential damage but also complicates identification and mitigation efforts. Analysts note that this underlines the need for layered defense strategies capable of addressing complex, evolving threats.
Hong Kong as an Emerging DDoS Hotspot
Industry targeting is also shifting. For years, gaming bore the brunt of DDoS campaigns, but its share has now fallen by 30%. In contrast, attacks on technology providers and financial services surged by 15% each. These sectors present appealing targets because of their systemic importance and the potential cascading effects of disruption. Hosting providers, in particular, have become high-value targets. Since they deliver services to SaaS, e-commerce, and financial platforms, a single attack on one provider can ripple through entire ecosystems, causing widespread downtime and reputational damage.
Geographically, the United States and the Netherlands remain top sources of DDoS traffic. However, Gcore identified Hong Kong as an emerging hotspot, now responsible for 17% of all network-layer attacks and 10% of application-layer activity. The expansion into new regions demonstrates the adaptive, global nature of the threat, highlighting the need for flexible and distributed defense postures.
Perhaps the most concerning development is the sharp increase in application-layer assaults. These rose from 28% of total attacks in late 2024 to 38% in the first half of 2025, targeting web applications and APIs in sectors with heavy customer interaction. E-commerce, online banking, logistics, and public services are all being hit with greater frequency. By exploiting vulnerabilities at this level, attackers can cause outages that directly affect end users, amplifying both economic and reputational risks.
Gcore’s Radar report logged 1.17 million DDoS incidents globally in the first half of 2025, up from 969,000 in the latter half of 2024. With attack intensity, persistence, and complexity all on the rise, the company stresses that no sector is immune. Organizations are urged to implement multi-layered protections that combine volumetric defenses with application-level safeguards and to leverage global intelligence that can track shifting patterns in attack origin and method.
The report also reinforces a broader theme: the arms race between attackers and defenders is accelerating. As enterprises invest in automation, AI-driven defenses, and faster detection systems, adversaries respond with longer campaigns, more varied attack vectors, and expansion into new geographies. For CIOs and CISOs, the lesson is clear—traditional perimeter defenses and single-layer mitigations are no longer enough.
DDoS has evolved into a persistent, global business risk, one that requires proactive, flexible, and resilient countermeasures. If the first half of 2025 is any indication, enterprises that fail to prioritize comprehensive DDoS defense strategies may find themselves increasingly vulnerable in a digital economy where downtime translates directly into lost trust and lost revenue.
Discover more from WIREDGORILLA
Subscribe to get the latest posts sent to your email.
![Stop Losing SEO Traffic: AI-Powered Strategies to Detect, Fix, and Drive [MozCon 2025 Speaker Series]](https://wiredgorilla.com/wp-content/webp-express/webp-images/uploads/2025/09/stop-losing-seo-traffic-ai-powered-strategies-to-detect-fix-and-drive-mozcon-2025-speaker-series.jpg.webp)