The numbers from the DDoS landscape tell a troubling story.
In Q3 2024, DDoS attacks reached unprecedented levels, reaching a record-breaking Tbps and billion packet-per-second attack. These hyper-volumetric campaigns tested the resilience of global networks against attackers who are becoming faster, smarter, and more resourceful.
How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%
They also became a wake-up call for IT leaders who are tasked with defending modern digital infrastructure. Now, the question isn’t whether more challenges lie ahead in 2025 but whether we are ready to meet them.
Last year’s DDoS activity clearly showed escalating threats. Nearly 6 million DDoS attacks were mitigated, marking a 49% rise quarter-over-quarter and a 55% increase year-over-year, according to Cloudflare’s Q3 2024 DDoS report. Over 200 of these attacks exceeded 1 Tbps, with the largest topping out at 5.6 Tbps. These numbers show we’re now in an era of hyper-volumetric assaults.
The attacks were also incredibly persistent. While 90% lasted less than an hour, a growing 7% of incidents extended beyond this threshold. SYN and DNS floods and SSDP amplification attacks led the charge, with SSDP amplification attacks reaching a 4,000% spike. This shows how common devices like routers or printers are being weaponized.
According to the report, the banking and financial services sector bears the brunt of these attacks. China emerged as the most attacked region, while Indonesia was the largest source of attack traffic—a trend that reveals economic and geopolitical motives influencing the DDoS landscape.
Several key factors are contributing to the dramatic changes and spikes in DDoS strategies, factors that you should be aware of:
The explosion of IoT devices has created a vast attack surface for cybercriminals. These devices, from smart home gadgets to industrial sensors, are easily compromised and converted into powerful botnets. The ability to coordinate millions of these devices enables attackers to overwhelm even robust infrastructures. Malware such as the infamous Mirai is still propagating and infecting vulnerable devices, turning them into a zombie of bots.
However, a growing trend is using cloud platforms as botnet nodes. In this case, such as with Anonymous Sudan, the threat actor gains access to only a few thousand virtual machines. Virtual Machine-based botnets have been seen to be up to x5,000 stronger than IoT based botnets.
Cyber warfare has become a preferred tool for nation-states and politically motivated groups. DDoS attacks targeting energy grids, transportation systems, and healthcare networks can destabilize economies and erode public trust. As tensions rise globally, these attacks are expected to become more frequent and disruptive, making geopolitical awareness a critical aspect of cybersecurity.
Threat actors gather on social media platforms such as Telegram, teach each other attack techniques, and crowdsource an avalanche of small attacks that snowballs into a larger one against seemingly unexpected targets — based on their political and ideological motives.
Beyond botnets and geopolitical motivations, attackers are also developing new and sophisticated attack vectors. Techniques like HTTP/2 Rapid Reset attacks and business logic exploitation are designed to bypass traditional defenses.
For example, an HTTP/2 Rapid Reset attack exploits a vulnerability in how HTTP/2 handles stream resets. This allows attackers to generate a large number of requests that overwhelm the server.
Business logic exploitation targets vulnerabilities in the application’s code, such as flaws in authentication or authorization mechanisms. These methods target systemic weaknesses, such as how requests are processed or workflows are secured. Attackers take advantage of this to blend in with legitimate traffic. Defending against these requires adaptive, context-aware solutions that go beyond conventional tools.
There’s a daunting challenge ahead for every security team. But understanding where the trends are headed will help keep them one step ahead.
Here’s what we anticipate:
The sheer volume of IoT devices, from smart appliances to industrial sensors, creates a vast and often unsecured attack surface. Attackers will increasingly exploit these devices not just for launching DDoS attacks but also as entry points for broader campaigns.
Meanwhile, the rise of VM-based botnets adds another dimension to this threat. Virtual machines provide scalable resources that enable attacks to mimic legitimate traffic at large volumes, making it even more vital to have robust device-level and network-level security measures in place.
Botnets are only getting bigger and more capable. With IoT devices at their core, these networks are expected to drive attacks beyond the record-breaking 5.6 Tbps observed in 2024. Attackers will most likely refine amplification techniques further, exploiting both older vulnerabilities and newly emerging protocols.
For many cloud DDoS protection vendors 5.6 Tbps is equivalent to half or a third of their total global capacity, rendering their services obsolete.
As IoT ecosystems grow, industries previously deemed low-risk, such as retail and consumer electronics, are becoming prime targets. Attackers exploit these systems’ increasing interconnectivity, finding weaknesses in poorly secured devices or cloud-dependent processes.
Also, geopolitical tensions will likely continue to drive attacks on critical infrastructure—energy grids, healthcare systems, and transportation networks—seeking maximum disruption in the face of global conflicts.
APIs, the backbone of modern applications, are becoming a focal point for attackers. Poorly secured APIs, especially shadow or zombie APIs, can expose sensitive data or allow attackers to bypass traditional defenses. To detect misuse, more continuous monitoring and advanced behavioral analytics are required.
With the advancement of AI, autonomous attack systems will begin to appear. These systems can dynamically assess vulnerabilities and launch targeted attacks without direct human intervention. As if malicious campaigns were not already fast and effective enough. Organizations must prepare by adopting equally adaptive and intelligent defense systems.
Attackers are deploying increasingly sophisticated methods, blending massive volumetric floods with finely tuned application-layer exploits. AI-driven botnets are expected to lead this evolution, analyzing defensive measures in real time and adapting accordingly. These multi-vector approaches will challenge traditional defenses, requiring organizations to integrate more intelligent and adaptive threat mitigation tools into their strategies.
Given these emerging threats, organizations need a robust defense strategy. To navigate this landscape, organizations need a defense strategy that is both proactive and resilient. Here’s how to approach it:
Effective defenses begin with visibility. Deploy systems that analyze traffic patterns in real time, identifying anomalies before they escalate. Behavioral analytics can pinpoint unusual activity, whether it’s a sudden traffic spike or a subtle attempt to access unauthorized resources.
Hyper-volumetric attacks demand solutions that can scale dynamically to absorb massive traffic surges. Organizations must protect both network and application layers, with specific attention to API vulnerabilities. This ensures comprehensive coverage against multi-vector assaults.
Simulate DDoS scenarios regularly to assess your organization’s readiness. These exercises help refine response protocols, uncover weak points, and build confidence in your defensive strategies. Collaboration with experienced partners can further bolster your preparedness.
As the data from 2024 shows, the DDoS threat landscape in 2025 will bring even greater challenges. IT leaders must act now, focusing on visibility, scalability, and resilience to safeguard their networks and ensure operational continuity.
GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies
CTO
Legal Services
GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients
CIO
IT Services
It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth
VP of Infrastructure & Technology
Advertising Services