137% more DDoS attacks than last year

Cyberattacks are no longer an abstract threat – they dominate risk planning for companies worldwide. The latest Link11 European Cyber Report shows an alarming trend: the number of DDoS attacks has more than doubled, and they are shorter, more targeted, and more technically sophisticated. Organizations that do not continuously evolve their security strategies face significant financial losses and long-term reputational damage.

The numbers speak for themselves:

137% more DDoS attacks on the Link11 network compared to last year.
A new scale has been reached: The largest attack measured to date was 1.4 terabits per second (Tbps).
Attacks are shorter and highly effective: Two-thirds of all attacks peaked in just 10 to 60 seconds.
Multi-vector attacks are setting new standards: The combination of different attack vectors makes defence more difficult and requires more precise protection.

Why organizations should act now

The Allianz Risk Barometer 2025 highlights that while digital transformation presents new opportunities, it also expands the attack surface for cyber threats. Cybercriminals are leveraging powerful botnets and increasingly sophisticated attack techniques, accelerating the speed and impact of DDoS attacks. A recent case demonstrates how these evolving threats are testing the resilience of organizations.

Multi-vector DDoS: When Network Load Meets Application Attacks

A four-day attack combined Layer 3/4 and Layer 7 techniques, putting both infrastructure and web applications under massive pressure. Link11 recorded a total of 120 million requests, resulting in more than a million WAF logs – a load that quickly overwhelmed conventional defenses.

The attackers’ strategic approach was particularly striking:

Layer 3/4 attacks: Massive data streams overwhelm the network infrastructure.
Layer 7 attacks: APIs and web applications were deliberately crippled with complex queries.
Dynamic attack patterns: Attacks were launched in waves to test the response times of defences.

Organizations that do not continuously adapt their IT security strategy risk becoming victims of targeted attacks. Web applications and APIs are particularly targeted by cybercriminals because they often handle sensitive data and control critical business processes.

Modern security architecture is the key to resilience

The incident underscores the growing limitations of traditional DDoS defences, emphasizing the need for more adaptive mitigation strategies. Enterprises are increasingly turning to AI-powered systems for real-time threat detection and attack prevention. Additionally, Web Application and API (WAAP) protection is gaining importance as attackers continue to exploit this critical attack vector.

Combining advanced protection solutions:

Bot management to block automated attacks
Adaptive WAF systems that adapt in real time
AI-based attack detection for early detection of suspicious patterns

A holistic security strategy combines advanced DDoS mitigation, continuous monitoring, and adaptive protection mechanisms. “The increasing number of DDoS attacks shows that cybercriminals continue to rely on this proven method. However, the shortened attack time does not mean that the threat is decreasing – on the contrary: companies need to react faster and further optimize their defense mechanisms.”

Jens-Philipp Jung, CEO of Link11

The full European Cyber Report 2025 can be downloaded here.

About Link11

Link11 is a specialized global IT security provider that protects infrastructures and web applications from cyberattacks. Its cloud-based IT security solutions help companies worldwide to strengthen the cyber resilience of their networks and critical applications and avoid business disruption. Link11 is a BSI-qualified provider for DDoS protection of critical infrastructure. With ISO 27001 certification, the company meets the highest standards in data security.