The cybersecurity panorama skilled an unprecedented escalation in digital threats through the first half of 2025, with Internet Distributed Denial of Service (DDoS) assaults surging by 39% in comparison with the second half of 2024.
The second quarter alone witnessed a staggering 54% quarter-over-quarter spike in assault exercise, marking the very best ranges on file and signaling a elementary shift in how cybercriminals orchestrate their campaigns.
Geographic distribution of Internet DDoS assault exercise in 2025 and 2024 (supply – Radware)
This dramatic enhance represents greater than only a numerical surge; it displays a strategic evolution in assault methodologies.
In contrast to earlier years characterised by large volumetric assaults, menace actors in 2025 have pivoted towards smaller, extra sustained assaults predominantly working beneath 100,000 requests per second (RPS).
This tactical shift demonstrates the rising affect of automated instruments enhanced by generative synthetic intelligence, successfully democratizing DDoS capabilities amongst loosely coordinated menace teams and enabling new actors to enter the cybercrime ecosystem.
Radware researchers recognized that regardless of the prevalence of smaller-scale assaults, peak capabilities stay formidable, with the biggest recorded Internet DDoS assault reaching a rare 10 million RPS within the first quarter.
The corporate’s complete evaluation revealed that application-layer exploitation has turn out to be equally regarding, with malicious net transactions rising by 33% in comparison with the latter half of 2024.
Remarkably, the quantity of malicious exercise noticed in simply six months already accounts for 87% of the overall recorded all through the complete earlier 12 months.
The menace panorama has been additional sophisticated by a parallel surge in unhealthy bot exercise, which elevated by 57% throughout the identical interval.
These automated threats, designed for fraud, credential stuffing, and knowledge scraping operations, mirror the trajectory of application-layer assaults and underscore the rising sophistication of cybercriminal infrastructure.
Hacktivist teams have additionally intensified their operations, claiming practically 9,200 DDoS assaults on Telegram platforms, representing a 62% enhance over the primary half of 2024.
AI-Enhanced Assault Automation and Persistence Ways
The emergence of AI-enhanced assault instruments has basically remodeled the persistence and execution methods employed by fashionable menace actors.
Conventional DDoS campaigns relied closely on brute-force volumetric assaults that have been simply detectable and infrequently short-lived.
Internet software and API assaults by class (supply – Radware)
Nonetheless, the mixing of machine studying algorithms and generative AI has enabled attackers to develop extra nuanced approaches that may adapt in real-time to defensive countermeasures.
These AI-driven methods can robotically modify assault parameters reminiscent of request patterns, timing intervals, and goal choice to take care of persistence whereas evading detection mechanisms.
The shift towards sustained, lower-volume assaults displays this technological evolution, as automated methods can preserve extended campaigns with minimal human intervention.
Vulnerability exploitation, which accounts for over one-third of all application-layer assaults, has turn out to be more and more refined by means of AI-assisted reconnaissance instruments that may establish and exploit weaknesses sooner than conventional handbook strategies.
The democratization of those capabilities by means of open-source instruments and AI enhancement has lowered the technical limitations for entry, enabling a broader vary of actors to conduct efficient cyber operations with unprecedented coordination and persistence.
Enhance your SOC and assist your staff defend your corporation with free top-notch menace intelligence: Request TI Lookup Premium Trial.
