DDoS Statistics

The technology sector represented 45% of all network-layer DDoS attacks, up from 8.77% in 2024.

North America accounted for 63.1% of all network-layer DDoS attacks globally, followed by the Middle East (16.1%) and Europe (13.7%).

Network-layer DDoS attacks targeting OSI layers 3–4 increased 168.2% year over year.

Peak network-layer DDoS attack volumes reached almost 30 Tbps.

In the second half of 2025 the average Radware customer experienced more than 25,351 network-layer DDoS attacks, averaging 139 attacks per day.

Web DDoS attacks targeting OSI layer 7 increased by 101.4% compared to 2024.

Most high-impact Web DDoS attacks now last less than 60 seconds.

94.4% of Web DDoS attacks measured under 100,000 requests per second.

EMEA accounted for 57% of all Web DDoS attacks globally.

APAC's Web DDoS attacks surged 485% year over year.

60% of all reported cyber incidents in 2024 were Distributed Denial-of-Service (DDoS) attacks.

29% of leaders at financial services firms say they are unprepared to recover effectively from a Distributed Denial of Service attack.

20% of organizations cited denial-of-service attempts as the most common API security problem.

State-aligned operations, often driven by low-impact DDoS campaigns targeting EU Member States’ organisations’ websites, resulted in service disruption in only 2% of incidents.

Comcast Business detected 44,000 DDoS attacks, which often utilised short bursts and carpet-bombing techniques to overwhelm and test defenses

DDoS short bursts used as reconnaissance were also observed: 405 events in less than 5 minutes and 56 events in less than 10 seconds.

Within Public Administration, incidents were dominated by low-impact DDoS campaigns (94.8%).

The largest DDoS attack between January and July 2025 reached a maximum bandwidth of over 1.2 Tbit/s. This is double the largest attack in the first half of 2024, which was 694 Gbit/s.

In 2025, 98% of DDoS attacks routed malicious traffic through the US.

The highest maximum number of packets transmitted per second recorded was 207,090,400 packets per second in the first half of 2025. 207 million packets per second can paralyze firewalls, servers, and entire networks within seconds.

The maximum DDoS attack duration in June 2024 was only 73 minutes.

One observed Layer 7 DDoS attack used around 20,000 legitimate HTTP requests per minute to disrupt sensitive areas. This is compared to 200 million packets per second for brute force attacks, indicating that precision can be more dangerous if unnoticed.

Backbone DDoS attacks (targeting Internet service provider or data center infrastructure) increased by 143% compared to the first half of 2024.

The longest documented DDoS attack in the first half of 2025 lasted 12,388 minutes (8 days and 14 hours).

In 2025, 31% of DDoS attacks routed malicious traffic through Germany.

Targeted Sectors (Web Application and API Protection - WAAP) The analysis shows a shift in affected sectors between the first half of 2024 and the first half of 2025:

The Link11 network recorded 225% more DDoS attacks in the first half of 2025 compared to the same period last year.

The cumulative DDoS attack volume rose from 110 TB in the first half of 2024 to 438 TB in the first half of 2025. 438 TB is equivalent to over 7 years of uninterrupted Netflix streaming in 4K. It is enough data for more than 1,700 years of uninterrupted audiobook playback.

The longest DDoS attack in the first half of 2024 lasted 1,523 minutes (approximately 1 day and 1 hour).

Targeted sectors by DDoS attacks in the first half of 2024: Finance (17%), public Sector (11%), retail & e-Commerce (10%), defense (9%), telco (8%), healthcare (7%), education (6%), media (6%), food (6%), energy (6%), logistics & transport (6%), other (10%).

Attack success rates demonstrate that 40% to 50% of systems are still inadequately protected against politically motivated attack tactics.

Targeted sectors by DDoS attack in the first half of 2025: Defense (23% - an increase of 14%), retail & e-commerce (18% - an increase of 8%), logistics & transport (15% - an increase of 9%), public sector (11%), education (9%), finance (6%), healthcare (5%), telco (5%), technology, IT, Internet (4%), and other (4%).

Targeted sectors by DDoS attack in the first half of 2025: Defense (23% - an increase of 14%), retail & e-commerce (18% - an increase of 8%), logistics & transport (15% - an increase of 9%), public sector (11%), education (9%), finance (6%), healthcare (5%), telco (5%), technology, IT, Internet (4%), and other (4%).

Hacktivist groups like NoName057(16) orchestrated hundreds of coordinated DDoS attacks each month.

There were multiple gigapacket-per-second (Gpps) DDoS attacks in the first half of 2025.

A 3.12 Tbps DDoS attack occurred in the Netherlands in the first half of 2025.

The Iran-Israel conflict generated more than 15,000 DDoS attacks against Iran in June.

Bot-driven DDoS incidents peaked at 1,600 in March.

Attack durations for bot-driven DDoS attacks increased to an average of 18 minutes.

More than 50 DDoS attacks were greater than a terabit-per-second (Tbps) in the first half of 2025.