Gcore reveals surge in DDoS attacks and target sector shift

03 October 2025

Ahead of Cyber Security Awareness Month (October), Gcore has unveiled its Q1-Q2 2025 Radar report, highlighting a significant increase in Distributed Denial of Service (DDoS) attack activity worldwide. The report underscores the growing sophistication and scale of cyber threats, emphasising the urgent need for organisations to strengthen their cybersecurity defenses.

According to the report, the total number of DDoS attacks in the first half of 2025 surged by 41% compared to the same period last year, totalling over 1.17 million attacks. Peak attack bandwidth also reached new heights, surpassing 2.2Tbps, exceeding the previous record of 2Tbps set in late 2024. The nature of these attacks is evolving; while shorter attacks under 10 minutes have decreased by approximately 33%, there has been a near fourfold increase in attacks lasting between 10 and 30 minutes. These longer-lasting assaults are designed to bypass auto-mitigation systems and cause more extensive damage.

The report notes a shift in targeted sectors, with the technology industry overtaking gaming as the most frequently attacked sector. Financial services also experienced a 15% rise in attack volume, indicating that threat actors are increasingly focusing on industries that offer higher disruption potential and may have comparatively lower levels of cybersecurity preparedness.

In addition, application layer attacks — those targeting web applications and APIs — have become more prevalent, rising from 28% to 38%. This trend reflects a strategic move by attackers toward multi-vector assaults that exploit vulnerabilities in customer-facing systems. The largest recorded attack peaked at 2.2Tbps, illustrating the ongoing trend of unprecedented attack sizes and scales.

Attackers are increasingly adopting multi-vector tactics, embedding malicious traffic within legitimate-looking streams to evade detection. The rise in longer-lasting attacks appears to be a deliberate attempt to test infrastructure resilience and maximise disruption. Hosting providers, supporting services such as SaaS, e-commerce, gaming, and finance, have become prime targets, as attacks on these entities can cascade into widespread outages and damage their reputations.