The Link11 European Cyber Report 2025 highlights a significant rise in DDoS attacks, showing a 137% increase compared to the previous year. These attacks are not only more frequent but also more sophisticated, targeted, and shorter, with two-thirds of them peaking within 10 to 60 seconds. The largest attack recorded reached a massive 1.4 terabits per second, setting a new scale for such incidents. The combination of multiple attack vectors makes defending against these attacks more complex and requires precise protection strategies.
The Allianz Risk Barometer 2025 notes that digital transformation increases the attack surface, making organizations more vulnerable to cyber threats. Cybercriminals now use powerful botnets and advanced techniques to launch rapid and impactful DDoS attacks. A notable example is a four-day multi-vector attack that overwhelmed both infrastructure and web applications, resulting in over 120 million requests. Such attacks show the strategic use of layered techniques and wave-based patterns to test defenses and increase the impact.
The attack strategies observed in this incident involved overwhelming network infrastructure with massive data streams and targeting APIs and web applications with complex queries. These modern attack patterns have made traditional DDoS defenses less effective, highlighting the urgent need for organizations to upgrade their security strategies.
The shift from simple, singular attack vectors to more dynamic and multifaceted ones has forced companies to rethink their mitigation approaches to stay ahead of evolving threats.
Modern security architecture, including AI-powered detection and adaptive Web Application and API protection, is now crucial for resilience. Enterprises are increasingly relying on AI systems for real-time detection and prevention of attacks, while bot management and adaptive WAF systems play an essential role. With attackers focusing on exploiting APIs and web applications, organizations must continue to adapt their security strategies to safeguard critical business processes and sensitive data.
Reference: