The pattern matters because it suggests not only more attacks, but attacks built for speed, scale and frequency. Gcore said three quarters of network-layer assaults lasted less than one minute, indicating that attackers are leaning on brief, high-intensity barrages designed to overwhelm targets before defenders can respond manually. Network-layer incidents accounted for 82 per cent of observed attacks in the period covered, up from the previous report, while application-layer campaigns showed signs of lasting longer and becoming more persistent.
Technology companies bore the largest share of this pressure, accounting for 34 per cent of attacks in the Gcore data, followed by financial services at 20 per cent and gaming at 19 per cent. That sector mix is consistent with the economics of disruption: cloud platforms, exchanges, payments systems, online games and digital consumer services all depend on uninterrupted availability, making downtime immediately costly. Broader industry tracking also indicates that financial and telecom targets remain under sustained pressure, reflecting the appeal of critical infrastructure and always-on digital services to both criminal and politically motivated actors.
What is changing fastest is the ceiling of attack power. Cloudflare reported that DDoS activity more than doubled across 2025, with 47.1 million attacks mitigated over the year and network-layer attacks more than tripling from 11.4 million in 2024 to 34.4 million in 2025. It also disclosed a 31.4 Tbps attack in the fourth quarter lasting 35 seconds, far above the 12 Tbps figure cited in the Gcore study, showing that the market is now dealing with a range of hyper-volumetric assaults rather than isolated records. Cloudflare said a late-December campaign linked to the Aisuru-Kimwolf botnet delivered attacks exceeding 200 million requests per second and involved a large pool of infected Android TV devices.
That gap between datasets does not necessarily indicate contradiction. Cybersecurity firms observe different customer bases, geographies and network segments, so their measurements capture different slices of the threat landscape. Taken together, however, the reports point in the same direction: DDoS is getting bigger, more automated and harder to dismiss as a low-grade hazard. NETSCOUT, in its second-half 2025 threat intelligence reporting, said it tracked more than eight million attacks worldwide and highlighted the growing role of botnets, multi-vector tactics and AI-assisted operations. It also warned that attack demonstrations had reached 30 Tbps and 4 billion packets per second, reinforcing the view that offensive capacity is expanding faster than many corporate defences.
Geography is also shifting. Gcore identified a strong concentration of observed attack sources in Latin America, with Mexico and Brazil together accounting for 55 per cent of activity in its dataset. Cloudflare, looking at a different pool, said Hong Kong and the United Kingdom climbed sharply in the ranking of most-attacked places during the final quarter of 2025. Those differences again reflect varying vantage points, but they support a broader point: attack infrastructure is more diffuse, botnet ecosystems are more mobile, and enterprises can no longer assume that exposure is confined to a familiar set of hotspots.
The falling barrier to entry is one of the more troubling elements in the latest findings. Gcore said attacks are becoming cheaper and easier to organise, helped by wider access to attack tools, insecure internet-connected devices, geopolitical instability and more sophisticated methods. NETSCOUT similarly pointed to AI-enhanced DDoS-for-hire activity and stronger coordination among threat actors. For corporate security teams, that means disruption can now be launched by a wider pool of adversaries, including less technically skilled operators using rented infrastructure or automated toolkits.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
