Web DDoS and App Exploitation Attacks Surge in First Half of 2025


Radware’s monitoring showed a 39% increase in Web DDoS attacks compared to the second half of 2024, culminating in a record 54% quarter-over-quarter increase in Q2, indicating a dramatic escalation of cyber threats during the first half of 2025.

This escalation reflects a strategic pivot by threat actors toward smaller, sustained assaults below 100,000 requests per second (RPS), leveraging automated tools augmented by generative AI to democratize DDoS capabilities among emerging and loosely coordinated adversaries.

While average attack sizes diminished, peak incidents reached 10 million RPS in Q1 and 6.2 million RPS in Q2, underscoring the persistence of high-volume threats accessible to sophisticated actors.

Regionally, the Europe, Middle East, and Africa (EMEA) zone endured over half of these attacks, with Asia-Pacific (APAC) experiencing heightened exposure, in contrast to a relative decline in North America.

Hacktivist Campaigns

Concurrently, network-layer (L3/L4) DDoS attacks rebounded aggressively, rising 85.5% from H2 2024 and 50.3% from H1 2024, with average mitigations per Radware customer escalating to 7,281 events per quarter in Q2, a 485% increase since Q1 2022.

[Figure: Web DDoS attack size (RPS) distribution per year]

North America absorbed nearly 46% of this activity, dominated by UDP-based volumetric floods and amplification vectors like DNS and NTP, which comprised 89.2% of total volume.

Notably, SIP protocol targeting emerged as a critical vulnerability for VoIP and communication infrastructures, ranking third among exploited protocols behind HTTPS and DNS.

Hacktivist operations amplified this threat landscape, with 9,172 unique DDoS claims on Telegram, a 62% uptick from H1 2024, driven by coordinated reposting across over 650 channels.

Q2 alone saw 5,011 claims, highlighting matured ecosystems fostering ideological and geopolitical disruptions.

According to the report, Europe topped regional targets at 45%, followed by Asia (19%) and the Middle East (17%), with Israel, the United States, and Ukraine as the most frequently hit nations at 13.5%, 12%, and 8.6% of claims, respectively.

Prolific groups like NoName057(16) accounted for 39% of claims, trailed by Keymous+ and Mr. Hamza, focusing predominantly on government sectors (39%), alongside manufacturing, finance, and education.

This surge illustrates the blending of activism with advanced DDoS tactics, often publicized via verifiable check-host links to amplify visibility and impact.

Proliferation of Application-Layer Exploits

Application-layer attacks solidified their dominance, with Radware’s Cloud Web Application Firewall (WAF) detecting a 33% rise in malicious transactions from H2 2024, equating to 87% of 2024’s full-year volume in just six months.

Vulnerability exploitation led at over one-third of incidents, while access violations via brute-force resource discovery techniques grew to 11.3%, exposing hidden assets like configuration files.

SQL injections declined to 1.47%, indicating adversaries’ shift to stealthier methods amid a 150% year-over-year increase from H1 2024.

Paralleling this, bad bot activity exploded by 57% from H2 2024, nearing 90% of 2024’s total in H1 alone, fueled by AI-enhanced botnets enabling fraud, credential stuffing, scraping, and disinformation.

North America faced 33.8% of these threats, with APAC at 27.2% and EMEA at 24.2%, underscoring the challenges in defending against automated, persistent incursions.

This confluence of trends (AI-driven DDoS refinement, hacktivist amplification, and app-layer normalization) blurs the lines between cybercrime and warfare, demanding that defenders adopt multi-layered strategies including real-time mitigation, WAF hardening, anti-bot measures, and intelligence-driven automation to counter agile adversaries.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.