DDoS pressure rewrites cyber defence
DDoS attacks surged 150% in H2 2025. Gcore reports 1.3 million attacks in Q4 alone. Cloudflare mitigated 47.1 million over the year, peaking at 31.4 Tbps. Attack durations under 60 seconds make manual response useless.
DDoS attacks hit 150% year-over-year growth
DDoS attacks surged 150% year-over-year in H2 2025, according to new data from Gcore. Total attacks in Q4 2025 climbed to 1.3 million, up from 512,000 the year before. Peak attack volume reached 12 terabits per second.
The pattern is clear: attacks are getting faster, bigger, and more frequent. Three quarters of network-layer assaults lasted less than one minute. Attackers are banking on brief, high-intensity barrages that overwhelm targets before anyone can respond manually.
Cloudflare reports even bigger numbers
Cloudflare painted an even more dramatic picture. The company mitigated 47.1 million attacks over 2025, with network-layer attacks tripling from 11.4 million to 34.4 million. A 31.4 Tbps attack in Q4 lasted just 35 seconds, dwarfing the 12 Tbps ceiling from the Gcore report.
A late-December campaign linked to the Aisuru-Kimwolf botnet pushed past 200 million requests per second, powered by compromised Android TV devices. That is not a niche threat. That is consumer hardware weaponized at scale.
Who is getting hit
Technology companies took 34% of attacks in the Gcore data. Financial services followed at 20%, gaming at 19%. These are all sectors where downtime costs money immediately. Cloud platforms, payment systems, and online games all depend on near-perfect uptime.
NETSCOUT tracked over eight million attacks worldwide in H2 2025, calling out the growing role of botnets, multi-vector tactics, and AI-assisted operations. They warned that offensive capacity is expanding faster than corporate defenses can keep up.
Geography is shifting
Attack sources are becoming more distributed. Gcore found 55% of observed activity originating from Mexico and Brazil. Cloudflare saw Hong Kong and the United Kingdom climb in the most-attacked rankings. Botnet ecosystems are more mobile, and organizations can no longer assume that DDoS exposure is limited to familiar hotspots.
The barrier to entry keeps falling. DDoS-for-hire services are cheaper, tools are more accessible, and AI is making coordination easier for less technically skilled operators.
WAFplanet take
DDoS and WAF protection are converging. The same platforms defending against application-layer attacks, like Cloudflare, Akamai, Gcore, and Imperva, are also on the front line of volumetric DDoS mitigation. When attack durations drop below 60 seconds, manual response is useless. You need always-on, automated edge protection.
If your WAF provider does not also handle L3/L4 DDoS, you are leaving a gap. The 150% growth rate is not slowing down. Budget accordingly.
