2026 Global Threat Analysis Report

The technology sector represented 45% of all network-layer DDoS attacks, up from 8.77% in 2024.

North America accounted for 63.1% of all network-layer DDoS attacks globally, followed by the Middle East (16.1%) and Europe (13.7%).

Malicious web application and API transactions rose 128% year over year.

Vulnerability exploitation accounted for 41.8% of observed application-layer attacks, rising to nearly 58% in Q4 2025.

In the first six months of 2025 bad bot activity reached 89.2% of the total volume observed across all of 2024.

North America accounted for 40.7% of malicious bot transactions, followed by APAC (25%), EMEA (19.1%) and Central and Latin America (15.2%).

Europe accounted for 48.4% of all claimed hacktivist attacks, compared with the Middle East (17.7%) and Asia (17.5%).

Israel received 12.2% of claimed hactivist attacks, the United States 9.4%, and Ukraine 8.9% of claimed attacks.

Government services are the primary target in 38.8% of all claimed hactivism attacks.

The hacktivist group NoName057 (16) claimed 4,693 attacks, the highest number claimed by a single hacktivist entity.

Network-layer DDoS attacks targeting OSI layers 3–4 increased 168.2% year over year.

Peak network-layer DDoS attack volumes reached almost 30 Tbps.

In the second half of 2025 the average Radware customer experienced more than 25,351 network-layer DDoS attacks, averaging 139 attacks per day.

Web DDoS attacks targeting OSI layer 7 increased by 101.4% compared to 2024.

Most high-impact Web DDoS attacks now last less than 60 seconds.

94.4% of Web DDoS attacks measured under 100,000 requests per second.

EMEA accounted for 57% of all Web DDoS attacks globally.

Bad bot activity increased 91.8%.

APAC's Web DDoS attacks surged 485% year over year.