DDoS attacks continue to grow in frequency and complexity, marking a significant escalation in cyber threats. Recent figures show an alarming increase, with cybercriminals using increasingly innovative techniques. This section details current trends and key statistics that illustrate the scale of this phenomenon.
Exponential Growth and Increased Sophistication
The number of DDoS attacks has increased dramatically, with a rise of nearly 550% in 2024 compared to the previous year. This growth is fueled by the emergence of more advanced techniques, particularly at the application layer (layer 7 of the OSI model). Attacks such as HTTP/2 Rapid Reset demonstrate the ability of attackers to exploit specific vulnerabilities to maximize impact with fewer resources.
Attacks have also become larger in volume, reaching unprecedented peaks. At the end of May 2025, a record attack of 7.3 terabits per second (Tbps) was recorded, while another reached 4.8 billion packets per second in April 2025. These figures underscore the need for organizations to have large-scale mitigation capabilities.
Diversity of Attack Techniques
Beyond traditional volumetric attacks, “Low & Slow” attacks are gaining popularity. More discreet, they aim to exhaust server resources over time, making them more difficult for traditional security systems to detect. This approach allows attackers to maintain constant pressure on the target without triggering the usual volumetric alerts.
Targets and Motivations
Cybercriminals are increasingly favoring geographically targeted attacks, adapting their strategies according to region and industry. The motivations behind these attacks are multiple and complex. Hacktivism and geopolitical tensions play a major role, with groups such as Anonymous Sudan conducting campaigns against large companies for ideological reasons. Conflicts in Europe and the Middle East have also exacerbated this threat environment.
In addition to ideology, revenge, unfair competition, and extortion are frequent drivers. Attackers seek to disrupt operations, damage reputations, or extract funds. In 2023, the banking and financial sector was the most affected, but in the fourth quarter of 2024, telecommunications, internet service providers, and operators became the preferred targets, highlighting a shift in attackers’ priorities.