Gcore has released its latest Radar report on DDoS attack trends, covering developments observed in Q3–Q4 2025. The report highlights increases in attack volumes, changes in attack techniques, and shifts in geographic sources linked to evolving botnet activity.
As DDoS threats continue to grow and change, organisations are increasingly encouraged to adopt security approaches that can identify and respond to malicious activity across different attack types and vectors.
Key findings from Q3–Q4 2025
- Increase in attack frequency: DDoS attacks rose from 512K in Q4 2024 to 1300K in Q4 2025
- Higher attack capacity: Attack volumes reached 12 Tbps in Q4 2025
- Most targeted sectors: Technology accounted for 34% of attacks, followed by financial services (20%) and gaming (19%)
- Geographic sources: Mexico and Brazil were the largest sources of observed activity in Latin America, together accounting for 55% of traffic
The report indicates a sixfold increase in overall attack scale, driven by several contributing factors, including broader access to attack tools, the growth of insecure IoT devices, geopolitical and economic instability, and increasingly sophisticated attack methods.
Network-layer attacks accounted for 82% of observed incidents during the period. These types of attacks are often lower cost and easier to execute, which contributes to their prevalence. At the same time, application-layer attacks showed a shift toward longer durations and increased automation.
The report notes that sectors such as technology, financial services, and gaming remain frequent targets due to their reliance on continuous service availability and the potential operational impact of disruption.
In terms of geographic distribution, network-layer attacks were most frequently associated with sources in the Americas, particularly Mexico (31%), Brazil (24%), and the United States (20%). The United States also remained a notable source of application-layer traffic, with activity linked in part to botnet infrastructure such as AISURU.
The findings highlight the importance of mitigation strategies that can address threats close to their source and operate across multiple regions, reflecting the distributed nature of modern DDoS activity.
