DDoS attacks reached a new scale in the final quarter of 2025, with peak volumes hitting 12 terabits per second and total incidents climbing to 1.3 million from 512,000 a year earlier, according to Gcore's latest Radar report.
The sixfold jump in peak bandwidth, up from 2.2 Tbps in the previous period, reflects what the Luxembourg-based infrastructure provider describes as a structural shift in the attack landscape: cheaper tools, larger botnets, and the continued expansion of insecure IoT ecosystems.
Sectors and tactics
Technology companies bore the heaviest burden, accounting for 34 per cent of attacks, followed by financial services at 20 per cent and gaming at 19 per cent. Gcore attributes the concentration to the outsized disruption available when infrastructure-layer targets go down in an increasingly interconnected digital economy.
Network-layer attacks made up 82 per cent of incidents, a 20 percentage point increase on the previous reporting period. Three quarters of those lasted less than one minute, suggesting a tactical preference for intense, short-lived bursts designed to overwhelm defences before mitigation systems engage. Application-layer attacks moved in the opposite direction, with 64 per cent exceeding ten minutes.
Geographic concentration
Latin America dominated the geographic distribution of attack sources. Mexico accounted for 31 per cent of observed network-layer attack traffic, Brazil 24 per cent, and the United States 20 per cent. Gcore pointed to the AISURU botnet as a likely driver of the regional concentration.
Attacks are becoming more frequent and more sophisticated because organising them is now cheaper and easier than ever. Businesses and organisations that previously felt unaffected are now being targeted.
