Gcore Radar Q3–Q4 2025: three insights into an accelerating threat landscape
- March 24, 2026

Cyberattacks are not just growing—they're accelerating at an alarming pace. The second half of 2025 marked a dramatic escalation in both the frequency and scale of DDoS attacks, with record-breaking volumes and increasingly sophisticated tactics that challenge traditional defense strategies. For businesses across industries, understanding these shifts is essential to building resilient, adaptive security.
The latest edition of the Gcore Radar report, covering Q3–Q4 2025, reveals unprecedented changes in attack volumes, geographic patterns, and attacker strategies. Together, these findings highlight a fundamental shift in the threat landscape and underscore why proactive, layered defense has never been more critical.
Here are three key insights from the report, which you can download in full here.
1. Attack volumes and scale have reached unprecedented levels
In Q3–Q4 2025, the total number of DDoS attacks more than doubled compared to the first half of the year, representing a sharp acceleration in threat activity.

Even more striking, the maximum observed attack size surged to 12 Tbps in Q4 2025—a sixfold increase from the 2.2 Tbps peak recorded in the first half of the year. This dramatic escalation reflects the growing availability of large botnets and more efficient amplification techniques, enabling attackers to generate extreme traffic volumes with unprecedented impact.
2. Geographic patterns reveal a dramatic realignment
The distribution of attack sources has shifted significantly. Network-layer attacks are now heavily concentrated in the Americas, with Mexico, Brazil, and the United States together accounting for 75% of all observed traffic.

This concentration is largely driven by the AISURU botnet's exploitation of compromised IoT device ecosystems across these regions. In contrast, application-layer attacks maintain a more globally distributed footprint, with notable activity from the United States, France, and other European nations.
3. Attackers deploy contrasting strategies across network and application layers
Attack tactics have become more nuanced and harder to defend against. At the network layer, 75% of attacks now last less than one minute—hyper-concentrated bursts designed to overwhelm defenses before automated mitigation fully engages.

Meanwhile, application-layer attacks are trending in the opposite direction. Half of all application-layer attacks now last between 10 and 30 minutes, with 8% exceeding an hour. These sustained campaigns target backend resources and business logic, blending into legitimate traffic to evade traditional defenses.
How Gcore helps businesses stay protected
As attack methods evolve and intensify, businesses need equally advanced protection. Gcore DDoS Protection offers over 200 Tbps filtering capacity across 210+ points of presence worldwide, neutralizing threats in real time regardless of scale. Integrated Web Application and API Protection (WAAP) extends defense beyond network perimeters, protecting against sophisticated application-layer attacks and business-logic exploitation.
To explore the report's full findings, download the complete Gcore Radar report here.






