The risk panorama surrounding distributed denial-of-service (DDoS) assaults intensified considerably within the first half of 2025, in accordance with the newest Link11 European Cyber Report. Documented assaults concentrating on the Link11 community elevated by 225% in comparison with the identical interval in 2024. The report highlights not solely a marked rise in assault frequency but in addition a considerable escalation of their length, depth, and technical sophistication. Notably, attackers deployed volumes reaching 438 terabytes—equal to over seven years of steady 4K Netflix streaming—and more and more employed Layer 7 assaults that intently mimic authentic consumer visitors. The report additionally identifies politically motivated campaigns, together with these attributed to teams resembling NoName057(16), concentrating on crucial infrastructure.
Report figures: information avalanches and sustained assaults
Within the first half of 2025, the quantity of assaults totaled 438 terabytes. This corresponds to the information consumption of seven years of uninterrupted Netflix streaming in 4K decision. The recorded peak values of 1.2 terabits per second and 207 million packets per second reached dimensions that may overload even high-performance methods.
The length has additionally elevated: the longest documented assault lasted greater than 8 days. The shift from brief flash assaults to coordinated sustained fireplace by long-term campaigns presents protection methods with ever-changing challenges.
New types of assault: Precision as a substitute of brute pressure
Whereas basic volumetric assaults proceed to dominate, Link11 analysts are seeing a big enhance in exact Layer 7 assaults. These cleverly disguise themselves in authentic information visitors by producing seemingly regular requests.
“If they’re invisible in common visitors, 20,000 deceptively real requests per minute may be extra harmful than 200 million packets per second,” explains Jag Bains, VP Answer Engineering at Link11.
Politically motivated assaults on crucial infrastructure
The connection between geopolitical occasions and waves of assaults is especially placing. Professional-Russian teams resembling NoName057(16) focused authorities businesses, banks, power suppliers, and metropolis administrations in Europe. These assaults usually coincided with safety coverage choices. Different teams, resembling Darkish Storm and Keymous additionally turned extra outstanding.
“The size are horrifying. Within the first half of 2025, we recorded a complete of 438 terabytes of DDoS visitors on the Link11 community. That’s equal to greater than 7 years of continuous Netflix streaming in 4K. Comparisons like this illustrate the risk higher than any statistics,“ says Jens-Philipp Jung, founder and CEO of Link11. ”European firms urgently want resilient protection methods to guard their digital sovereignty.”
Professionalization by crime-as-a-service and AI
The assaults will not be solely larger and longer, they’re additionally extra professionally organized. Attackers are more and more working collectively, utilizing DDoS-as-a-service platforms and AI to optimize and camouflage their assaults. The World Financial Discussion board highlights this automation in its World Cybersecurity Outlook 2025 as a key driver of the risk panorama.
Resilience as a substitute of response required
The report’s findings present that firms and establishments must constantly increase their safety structure. This contains:
- Actual-time monitoring for early detection of assaults
- AI-supported protection methods for automated mitigation
- Contingency plans and redundancy methods for emergencies
Solely with a mixture of clever protection expertise and clearly outlined resilience methods can the implications of huge assaults on enterprise processes and important infrastructures be successfully restricted.
About Link11
Link11 is a specialised European IT safety supplier that protects world infrastructures and net functions from cyberattacks. Its cloud-based IT safety options assist firms worldwide strengthen the cyber resilience of their networks and important functions to keep away from enterprise interruptions. Link11 is a BSI-qualified supplier of DDoS safety for crucial infrastructure. With PCI DSS and ISO 27001 certifications, the corporate meets the best requirements in information safety.
Contact
Lisa Froehlich
Link11 GmbH
l.froehlich@link11.com
