60% of all reported cyber incidents in 2024 were Distributed Denial-of-Service (DDoS) attacks.

29% of leaders at financial services firms say they are unprepared to recover effectively from a Distributed Denial of Service attack.

20% of organizations cited denial-of-service attempts as the most common API security problem.

Comcast Business detected 44,000 DDoS attacks, which often utilised short bursts and carpet-bombing techniques to overwhelm and test defenses

State-aligned operations, often driven by low-impact DDoS campaigns targeting EU Member States’ organisations’ websites, resulted in service disruption in only 2% of incidents.

DDoS short bursts used as reconnaissance were also observed: 405 events in less than 5 minutes and 56 events in less than 10 seconds.

Within Public Administration, incidents were dominated by low-impact DDoS campaigns (94.8%).

The largest DDoS attack between January and July 2025 reached a maximum bandwidth of over 1.2 Tbit/s. This is double the largest attack in the first half of 2024, which was 694 Gbit/s.

The highest maximum number of packets transmitted per second recorded was 207,090,400 packets per second in the first half of 2025. 207 million packets per second can paralyze firewalls, servers, and entire networks within seconds.

In 2025, 98% of DDoS attacks routed malicious traffic through the US.

The maximum DDoS attack duration in June 2024 was only 73 minutes.

One observed Layer 7 DDoS attack used around 20,000 legitimate HTTP requests per minute to disrupt sensitive areas. This is compared to 200 million packets per second for brute force attacks, indicating that precision can be more dangerous if unnoticed.

Backbone DDoS attacks (targeting Internet service provider or data center infrastructure) increased by 143% compared to the first half of 2024.

The longest documented DDoS attack in the first half of 2025 lasted 12,388 minutes (8 days and 14 hours).

In 2025, 31% of DDoS attacks routed malicious traffic through Germany.

Targeted Sectors (Web Application and API Protection - WAAP) The analysis shows a shift in affected sectors between the first half of 2024 and the first half of 2025:

The Link11 network recorded 225% more DDoS attacks in the first half of 2025 compared to the same period last year.

The cumulative DDoS attack volume rose from 110 TB in the first half of 2024 to 438 TB in the first half of 2025. 438 TB is equivalent to over 7 years of uninterrupted Netflix streaming in 4K. It is enough data for more than 1,700 years of uninterrupted audiobook playback.

The longest DDoS attack in the first half of 2024 lasted 1,523 minutes (approximately 1 day and 1 hour).

Targeted sectors by DDoS attacks in the first half of 2024: Finance (17%), public Sector (11%), retail & e-Commerce (10%), defense (9%), telco (8%), healthcare (7%), education (6%), media (6%), food (6%), energy (6%), logistics & transport (6%), other (10%).