Frequency & Sophistication of DDoS Attack rise to198% in 1stQ 2025
Ways to protect enterprise assets and infrastructure is not only a CISO’s responsibility but a cause of worry for CXO, CTO ‘s as a powerful DDoS attack can cause havoc on revenues, productivity and reputation.
Threat mitigation from any DDoS attack, requires services from secured and trusted partners who can offer expertise and scale whenever required to mitigate the threats that emerge from DDoS attack.
This is also important from cost point of view as large enterprise bear the burnout and it requires expertise to constantly monitor and clean the traffic that get routed to customer network.
It is important organization find service oriented partners who have skilled networking capacity and processing power so that in face of attack, they can automatically respond to DDoS attacks, detect and mitigate.
According to MazeBolt research, even the best DDoS protections leave enterprises highly exposed. Typically, large-scale, global organizations are only 60% protected – leaving the door wide open for cybercriminals to exploit the gaps.
Statistics show from past DDoS attacks have taken down large services like Spotify, GitHub, Microsoft services like Outlook and OneDrive.
According to new data released by Netscout, distributed denial of service (DDoS) attacks are on the rise. There were 17 million such attacks in 2024 – up from 13 million the year before. It’s an astonishing rise that has big implications for your business.
Defining DDoS attack
When a cyber criminal or malicious actor push for a service with additional requests than it can handle, making the resources unavailable and non-functional subsequently bringing it down.
In cases DDoS attack forcefully shuts a website, network, or computer offline by overloading it with requests. We often hear Black Friday sales out in big giant displays, these often drive a lot of internet traffic towards the brand or one destination at once.
A DDoS attack works when several different IP addresses target the same platform at same time that can overwhelm the server in question and bring it down.
Often, this attack is carried botnets which are a collection of devices when infected with malware, they can controlled remotely by cyber criminals. DDoS attack is executed by several different actors at the same time.
Increase in DDoS Attack in 2025
DDoS attacks increased by 198% compared to the last quarter of 2024 and by 358% compared to the same quarter last year.
On April 3 attack targeted an unnamed online betting organization, lasting around 90 minutes, starting at 11:15 with a surge of 67Gbps, before escalating sharply to 217Gbps by 11:23, and peaked just short of 1Tbps at 965Gbps by 11:36.
Research shows A total of 20.5 million DDoS attacks were stopped during the period, of which 6.6 million attacks were directly targeted at Cloudflare’s infrastructure. Gaming servers were the most popular target for DDoS attacks. Attack patterns remains spotted during the 2024 UEFA European Football Championship, held in Germany, where spikes in DDoS activity also targeted online betting sites.
In Geopolitics DDoS has emerged as a tool that is often and can be abused to target attacks.
According to research by NETSCOUT, the second half of 2024 saw almost 9 million DDoS attacks, a 12.75% increase from the first six months. Israel in particular saw a 2,844% increase in attacks, seeing a high of 519 in one day.
The above mentioned Russian hacking group, NoName057(16), focused primarily on government services in the UK, Belgium, and Spain. Georgia also saw a 1,489% increase in attacks in the lead up to the “Russia Bill”, highlighting its use as a political weapon.
Network-layer DDoS attacks were the primary driver of the overall surge. In Q1 2025, 16.8 million of these attacks were blocked, representing a 509% year-over-year rise and a 397% increase from the prior quarter.
Hyper-volumetric attacks, defined as those exceeding 1 terabit per second (Tbps) or one billion packets per second (Bpps), have become increasingly common. Cloudflare reported approximately 700 such attacks during the quarter, averaging about eight per day.
Major targets of DDoS attack
Globally, there have been notable changes in the most-targeted locations. Germany moved up four spots to become the most attacked country in Q1 2025.
Turkey made an 11-place jump to secure second position, while China dropped to third. Hong Kong, India, and Brazil also appeared among the top most-attacked countries, with movements seen across several regions in the rankings. Australia, for its part, remained outside the global top ten.
Industries facing the most pressure have shifted this quarter as well. The Gambling & Casinos sector moved to the top position as the most targeted industry, after climbing four places.
Telecommunications dropped to second, and Information Technology & Services followed in third.
Other industries experiencing notable increases in attacks included Cyber Security, which jumped 37 places, and Airlines, Aviation & Aerospace. In Australia, the industries facing the most attacks were Telecommunications, Information Technology and Services, Human Resources, and Consumer Services.
The report detailed attack vectors and trends, showing that the most common technique at the network layer remains SYN flood attacks, followed by DNS flood and Mirai-launched attacks.
Among HTTP DDoS attacks, more than 60% were identified and blocked as known botnets, with others attributed to suspicious attributes, browser impersonation, and cache busting techniques.
Cloudflare observed significant surges in two emerging attack methods. CLDAP reflection/amplification attacks grew by 3,488% quarter-over-quarter, exploiting the connectionless nature of the protocol to overwhelm victims with reflected traffic.
Similarly, ESP reflection/amplification attacks rose 2,301%, underscoring vulnerabilities in systems using the Encapsulating Security Payload protocol.
Despite the increase in the volume and size of attacks, the report noted that 99% of network-layer DDoS attacks in Q1 2025 were below 1 Gbps and one million packets per second.
Likewise, 94% of HTTP attacks fell below one million requests per second. Most attacks were short-lived, with 89% of network-layer and 75% of HTTP attacks ending within 10 minutes, but the impact can persist much longer due to the resulting service disruptions.
Addressing the rise of DDoS attack & Mitigation solution
DDoS attack intends to disrupt some or all of its target’s services there are variety of DDoS attacks. They are all uniquely different. There are three common types of DDoS attacks:
- Volumetric (Gbps)
- Protocol (pps)
- Application layer (rps) attacks.
An effective DDoS attack is launched when near by network detects easily the cheap IoT devices like toys, small appliances, thermostats, security camera and Wi-Fi routers. These devices makes it easy to launch an effective attack that can have massive impact.
Threat Mitigation of DDoS attack
Application Layer attacks can be detected early with solutions by monitoring visitor behavior, blocking known bad bots and constant testing.
To do this more effectively Intrucept recently launched Cyber Analytics platform
Cyber Analytics platform 𝘀𝗲𝗮𝗺𝗹𝗲𝘀𝘀𝗹𝘆 𝗯𝗿𝗶𝗻𝗴𝘀 𝘁𝗼𝗴𝗲𝘁𝗵𝗲𝗿 𝘁𝗵𝗲 𝗽𝗶𝗹𝗹𝗮𝗿𝘀 𝗼𝗳 𝗺𝗼𝗱𝗲𝗿𝗻 𝗰𝘆𝗯𝗲𝗿 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗶𝗻𝘁𝗼 𝗼𝗻𝗲 𝘂𝗻𝗶𝗳𝗶𝗲𝗱 𝗲𝗰𝗼𝘀𝘆𝘀𝘁𝗲𝗺 𝗶.𝗲. 𝗯𝗲𝘀𝘁-𝗶𝗻-𝗰𝗹𝗮𝘀𝘀 𝗮𝘀 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗽𝗿𝗼𝗱𝘂𝗰𝘁𝘀.
✅ XDR (Extended Detection & Response)
✅ Next-Gen SIEM (Security Information & Event Management)
✅ SOAR (Security Orchestration, Automation & Response)
✅ Threat Intelligence
✅ AI-Powered Security Analytics
𝗖𝘆𝗯𝗲𝗿 𝗔𝗻𝗮𝗹𝘆𝘁𝗶𝗰𝘀 𝗱𝗲𝗹𝗶𝘃𝗲𝗿𝘀:
Real-time threat detection across endpoints, cloud, networks, and apps
Automated incident response to reduce MTTR & human fatigue
AI-driven insights to power proactive, risk-based decision-making
Built for agility, scalability & actionable intelligence; our platform gives security teams the edge required to move from playing catch-up to staying ahead.
𝗖𝘆𝗯𝗲𝗿 𝗔𝗻𝗮𝗹𝘆𝘁𝗶𝗰𝘀 𝗿𝗲𝗽𝗿𝗲𝘀𝗲𝗻𝘁𝘀 𝗮 𝘀𝘁𝗲𝗽 𝗳𝗼𝗿𝘄𝗮𝗿𝗱 𝗶𝗻 𝗮𝗰𝗵𝗶𝗲𝘃𝗶𝗻𝗴 𝗯𝗲𝘁𝘁𝗲𝗿 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗼𝘂𝘁𝗰𝗼𝗺𝗲𝘀.
DDoS attacks have skyrocketed 358% year-over-year, report says