Frankfurt am Main, Germany, March 2nd, 2026, CyberNewswire

• 12,388 minutes of continuous attacks – more than eight days straight
• 509 terabytes of cumulative attack volume
• 70% of companies targeted in an initial attack are hit again

Link11 has published its European Cyber Report 2026, revealing that DDoS attacks reached a new level in 2025 and have become a permanent stress factor for digital infrastructures.

The report shows that the number of documented attacks in the Link11 network rose by 75% in 2025, following explosive growth in the previous year (+137%). This establishes DDoS attacks as a permanent structural burden for companies and critical infrastructures in Europe.

Record values: Terabit attacks have become common. While a single 1.4 Tbit/s attack was considered exceptional in 2024, three attacks surpassing 1 Tbit/s were recorded in 2025. The strongest attack measured was 1.33 Tbit/s, with over 120 million packets per second.

A coordinated series of attacks totaled 509 terabytes of data. This corresponds to the daily data traffic of a medium-sized city of around 120,000 people, or over 170,000 hours of HD video streaming.

From short peaks to continuous load

The increase in the duration of attacks is particularly alarming. The longest recorded attack lasted 12,388 minutes – over eight days straight. In 2025, active DDoS attacks were observed 88% of the time. This equates to 322 days per year when systems in the Link11 network were targeted by attacks. This effectively makes the state of emergency the norm.

At the same time, attack dynamics are changing. There is a greater than 70% probability that an initial attack will be followed by at least one additional attack. On average, 2.8 follow-up attacks were recorded after an initial incident – an 80% increase compared to the previous year.

“We are experiencing a clear paradigm shift. DDoS is no longer a disruptive one-off event but rather a permanent strategic burden on digital business models,” says Jens-Philipp Jung, founder and CEO of Link11. “Those who only react when an attack occurs have already lost. Resilience must be permanent, automated, and architecturally anchored.”

New attack tactics: a hybrid of volume, endurance, and precision

In addition to massive bandwidth, analysts have observed a strategic combination of high-volume attacks and long-lasting, low-and-slow scenarios. Attackers systematically test protective mechanisms, vary patterns in real time, and increasingly shift their activities to the application level.

“It’s not just the size of an attack that matters anymore, but also its endurance and adaptability,” Jung continues. “Modern DDoS campaigns combine extreme bandwidth with tactical patience. That is exactly what makes them so dangerous.”

Rethinking resilience: Combining infrastructure and application levels

The report’s findings make it clear that DDoS attacks are not just a technical problem anymore. These attacks directly impact revenue, reputation, SLA commitments, and regulatory requirements.

Therefore, in addition to powerful, always-on DDoS protection, protecting web applications and APIs is becoming strategically important. Modern attacks increasingly target Layer 7, imitate legitimate traffic, and cause gradual performance degradation without triggering classic alarm thresholds. Web Application & API Protection (WAAP) is a key recommendation: digital business processes can only be operated in a permanently stable and predictable manner through a combination of network protection, behavior-based analysis at the application level, and AI-supported bot detection.

Companies should take a holistic approach to their security architecture.

• Always-on DDoS protection instead of reactive emergency measures
• WAAP solutions to secure web applications and APIs
• Automated, AI-powered detection and mitigation

Integration of DDoS scenarios into business continuity and crisis plans

“Digital availability is a competitive factor today,” says Jung. “Cyber resilience determines whether business models can withstand constant technological, operational, and geopolitical attacks.”

About Link11

Link11 is a specialized European IT security provider that protects global infrastructures and web applications from cyberattacks. Its cloud-based IT security solutions help companies worldwide strengthen the cyber resilience of their networks and critical applications and avoid business interruptions. Link11 is a BSI-qualified provider of DDoS protection for critical infrastructure. With PCI-DSS, SOC2 Type 2, C5, and ISO-27001 certifications, the company meets the highest standards in data security.

Contact

Lisa Froehlich
Link11 GmbH
[email protected]