Luxembourg, Luxembourg, March 24th, 2026, CyberNewswire

Gcore data highlights a threat landscape defined by newfound automated attack capabilities, scale, and frequency

Gcore, the global infrastructure and software provider for AI, cloud, network, and security solutions, today announced the findings of its Q3-Q4 2025 Gcore Radar report DDoS attack trends. The report reveals growing attack volumes, increasingly sophisticated tactics, and changes in attack locations driven by evolving botnet infrastructure.

The DDoS attack landscape is at a clear inflection point: threats are not just growing; they are accelerating and diversifying. To prevent disruption, businesses must act quickly and adopt integrated solutions capable of detecting intent, analysing behaviour, and responding to threats across multiple attack surfaces.

Key insights from Q3-Q4 2025

• Total number of attacks grew to 1300K in Q4 2025 from 512K in Q4 2024, reinforcing the view that DDoS activity is entering a new phase of scale and frequency
• Attack volumes surged to 12 Tbps in Q4, representing a sixfold increase and highlighting unprecedented growth in attack capabilities.
• 75% of network-layer attacks lasted less than one minute, while application-layer attacks showed a shift toward longer durations
• Technology remains the most targeted sector, accounting for 34% of attacks, followed by financial services (20%) and gaming (19%).
•  Geographic patterns show a strong concentration of attack sources in Latin America, with Mexico and Brazil together accounting for 55% of observed activity.

Andrey Slastenov, Head of Security, Gcore, commented: ‘‘The latest Radar report is a call to action for business across industries. Attacks are becoming more frequent and more sophisticated because organising them is now cheaper and easier than ever. Businesses and organisations that previously felt unaffected are now being targeted. Effective protection strategies do exist, but understanding what is happening and being prepared has never been more important.’’ 

New drivers of DDoS attack growth and intensity

DDoS attack volumes and scale have reached new levels, with the sixfold increase from 2.2 Tbps to 12 Tbps, reflecting the rapid escalation of attack capabilities.  Several structural factors are causing DDoS attack numbers to grow:

• Broader access to attack tools
• Expansion of insecure IoT ecosystems
• Geopolitical and economic instability
• Increasing sophistication of attack techniques

Network-layer attacks continue to increase

Network-layer attacks accounted for 82% of all observed incidents in the current period, a significant 20% increase from the last report. This surge reflects the economics of cybercrime: network-layer attacks are cheaper and easier to execute, making them an attractive option for attackers who simply want to cause disruption.

Recent data reveals shifts in attack duration and sophistication

Network-layer DDoS attacks became noticeably shorter in duration, with most attacks (75%) lasting less than one minute. Only 2% of attacks extended beyond ten minutes, indicating a continued shift toward highly intense, short-lived bursts designed to overwhelm targets quickly before mitigation measures fully engage. At the same time, application-layer DDoS attacks followed an opposite trajectory, with medium-duration attacks becoming significantly more common as 64% of attacks exceeded 10 minutes.

Attackers also increasingly relied on automation to execute large-scale campaigns. This shift reflects a broader transition from opportunistic abuse toward more deliberate, business-impact-focused attacks, including account takeover attempts, scraping, and direct manipulation of application workflows.

Attackers target digitally intensive sectors for maximum disruption

Attacks concentrated around several key sectors, including technology (34%), financial services (20%), and gaming (19%). These sectors are favoured targets because service availability is critical, and disruption can generate immediate operational or financial impact. The continued growth of attacks targeting the technology sector reflects its foundational role in today’s digital economy. As digital ecosystems become increasingly interconnected and cloud-dependent, attackers appear to prioritise infrastructure-layer targets capable of generating the broadest possible disruption.

The Americas dominate geographical distribution of attack sources

The geographic distribution of attack sources shows a strong concentration in the Americas, with Mexico accounting for 31% of network-layer observed traffic, followed by Brazil (24%) and the United States (20%). The US remains prevalent for application layer attacks as well, at 23% representation. The likely culprit for the American dominance of network-layer attacks is the AISURU botnet, which disproportionately affects networks and device ecosystems in these countries.

In today’s sophisticated attack environment, the data reveals why it’s critical to mitigate attacks as close to their source as possible, rather than near the target. Effective protection requires globally distributed capacity, not only in regions with high traffic demand, but also in regions that are frequent sources of attack activity – which are often not the same.

To access the full report, users can visit https://gcore.com/resources/gcore-radar-attack-trends-q3-q4-2025.

About Gcore

Gcore is a global infrastructure and software provider for AI, cloud, network, and security solutions. Headquartered in Luxembourg, Gcore operates its own sovereign infrastructure across six continents, delivering ultra-low latency and compliance-ready performance for mission-critical workloads. Its AI-native cloud stack combines software innovation with hyperscaler-grade functionality, enabling enterprises and service providers to build, train, and scale AI everywhere—across public, private, and hybrid environments. By integrating AI, compute, networking, and security into a single platform, Gcore accelerates digital transformation and empowers organizations to unlock the full potential of AI-driven services.

Users can learn more at gcore.com.

Contact

PR Manager
Kira Kurepina
Gcore
[email protected]