Article Details

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds. The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most attacked sector, while the financial services industry continues to face heightened risks. Key takeaways: the evolving DDoS landscape Here are five key insights from the Q1–Q2 2025 Gcore Radar report: DDoS attack frequency has surged Gcore Radar highlights a continued upward trajectory in DDoS activity. Compared to H2 2024, attack volumes rose 21%, while YoY growth reached 41%, underscoring a long-term escalation trend. Several factors contribute to this rise: The largest attack reached 2.2 Tbps The peak assault in Q1–Q2 2025 hit 2.2 Tbps, surpassing late 2024's 2 Tbps attack. While attacks exceeding 1 Tbps remain rare, their frequency is rising, highlighting attackers' growing ambition to overwhelm networks, applications, and services. Even smaller attacks can incapacitate unprotected systems. Industries targeted are shifting Technology now represents 30% of all DDoS attacks, overtaking gaming (19%). Hosting providers supporting SaaS, e-commerce, gaming, and financial clients are particularly vulnerable, as a single attack can trigger ripple effects across multiple dependent businesses. Financial services account for 21% of attacks. Banks and payment systems are prime targets due to high disruption potential, regulatory sensitivity, and ransomware risk. Gaming continues to face significant threats, but improved defenses and strategic attacker shifts reduced its share from 34% in H2 2024 to 19% in H1 2025. Key drivers of ongoing attacks include competitive advantage and revenue impact. Telecommunications now make up 13% of attacks, reflecting their role as critical internet infrastructure. Media, entertainment, and retail see more moderate attack levels, with media at 10% and retail at 5–6%. Attack duration and tactics Recent data shows a shift toward longer, more sustained assaults. Attacks under 10 minutes decreased by roughly 33%, while 10–30 minute attacks nearly quadrupled. Maximum attack duration slightly decreased, from five hours to three, indicating a focus on concentrated, high-impact campaigns. Short bursts remain preferred. Despite longer attacks gaining prevalence, brief attacks remain highly disruptive, evading automated defenses and often serving as smokescreens for multi-stage cyberattacks. Attack vectors In terms of network-layer attack vectors, UDP flood attacks remain dominant, accounting for 56% of network-layer attacks, followed by SYN floods (17%), TCP floods (10%), ACK floods (8%), and ICMP (6%). Multi-vector approaches allow attackers to mask malicious activity as legitimate traffic. ACK flood attacks continue to rise, now making up 8% of network-layer traffic, highlighting their ability to bypass detection. Application-layer attack vectors L7 UDP floods dominate (62%), followed by L7 TCP floods (33%), with other attack types at 5%. Attackers increasingly exploit business logic and APIs to disrupt operations beyond traditional network overload. Geographical trends The United States and the Netherlands remain top sources for network-layer attacks. Hong Kong emerges as a new significant source, contributing 17% of network-layer and 10% of application-layer attacks. These findings highlight the need for proactive, geographically aware defenses. Multi-layered attacks highlight the critical role of WAAP Attackers are increasingly targeting web applications and APIs, exploiting inventory systems, payment flows, and customer interaction points. These attacks often combine volumetric disruption with manipulation of economic logic, affecting sectors such as e-commerce, logistics, online banking, and public services. Gcore DDoS Protection: defending against evolving threats Gcore DDoS Protection leverages 200+ Tbps filtering capacity across 210+ PoPs worldwide, neutralizing attacks in real time. Integrated Web Application and API Protection (WAAP) combines DDoS mitigation, bot management, and API security to protect critical assets while maintaining performance. Download the full report.