DDoS Attacks Surge 168% as Multi-Terabit Campaigns Redefine the Threat Landscape

Distributed Denial-of-Service attacks are escalating at a pace that security teams are struggling to match. New research from Radware’s 2026 Global Threat Analysis Report highlights what it describes as a dramatic surge in cyber-attack activity during 2025, with DDoS incidents increasing by 168 percent compared with the previous year.

The findings, based on analysis of Radware customer telemetry, show that the average organization monitored by the company faced more than 25,351 attempted DDoS attacks during the reporting period. That equates to roughly 139 attempted attacks every single day. For many enterprises, this is no longer an occasional disruption but a constant operational pressure.

Statistics Credit: HackRead

Technology Sector Bears the Brunt

Technology, telecommunications and financial services were the most targeted industries. According to the report, the technology sector alone accounted for 45 percent of all network-layer DDoS attacks, marking an increase of nearly nine percent compared with 2024.

This concentration is significant. Technology providers often serve as infrastructure backbones for other industries. Disrupting a single cloud service provider or telecom operator can have cascading effects across thousands of downstream businesses.

The report warns that the growth observed is not isolated. Instead, it reflects an accelerating trend defined by increasing frequency, larger payload sizes and automation that reduces the time between reconnaissance and execution.

Faster, Stronger and Harder to Stop

Attack characteristics are also changing. The average duration of common DDoS campaigns, particularly those between 100 and 500 gigabits per second, now exceeds ten hours. Sustained bandwidth pressure at that scale can overwhelm unprepared infrastructure and degrade customer-facing services.

At the extreme end, multi-terabit attacks are becoming more common. These high-powered incidents are designed to strike quickly, with an average duration of just 35 minutes. Their objective is impact rather than endurance, overwhelming defenses before mitigation systems can fully react.

Web-based DDoS campaigns are even shorter. Many high-impact web application attacks now last under 60 seconds. By the time security teams detect abnormal traffic spikes, the disruption has already occurred.

Hacktivism Remains the Primary Driver

Despite the technical evolution of DDoS tactics, the core motivation remains largely unchanged. Hacktivism continues to be the dominant force behind these campaigns. Organized groups leverage DDoS as a visibility tool, targeting perceived political or ideological adversaries.

Researchers noted the existence of a mature ecosystem supporting these operations. Hundreds of Telegram channels are reportedly used to coordinate attack campaigns, recruit participants and amplify the public impact of disruptions. The infrastructure behind these campaigns has become increasingly distributed and resilient.

During 2025, the three most targeted countries were Israel at 12.2 percent of recorded incidents, the United States at 9.4 percent and Ukraine at 8.9 percent. Analysis suggests that pro-Russian groups were responsible for a significant proportion of the observed campaigns, reflecting how DDoS activity has become intertwined with geopolitical tensions.

A New Reality for Enterprise Defense

The report characterizes the current threat environment as defined by unprecedented scale and algorithmic speed. Attack infrastructure has evolved beyond loosely organized botnets into coordinated, fast-moving networks capable of launching synchronized campaigns across multiple targets.

For enterprises, this means reactive defense is no longer sufficient. Traditional traffic filtering and static rate-limiting controls may not respond quickly enough to mitigate sub-minute attack bursts. Organizations must invest in automated detection systems capable of identifying abnormal traffic patterns in real time.

Proactive threat intelligence, preconfigured mitigation playbooks and integration with upstream service providers are becoming essential components of modern DDoS resilience strategies. In many cases, the difference between a minor disruption and a major outage is measured in seconds.

As DDoS attacks grow more frequent and more powerful, the central challenge for 2026 will not be whether attacks continue, but whether defenders can adapt quickly enough to counter them. Agility, automation and layered mitigation strategies are now fundamental requirements in a landscape where digital infrastructure is under constant strain.