2025 was the year where hypervolumetric attacks peaked from 5 TBG/s in early 2025 to 10 TB/s in Jun 2025, topping 30 TB/s in late October 2025, mostly due to the rise of the Aisuru Botnet. The broader DDoS landscape continued to evolve as anticipated, without any major disruptive shifts. In this article, we highlight the key developments and provide a brief outlook for 2026.
As always, the full logbook and a link to all ressources and vendor reports can be found in our „State of DDoS/2025“ report.
Key Takeaways from 2025
- Hypervolumetric Attacks: Short burst-attacks in the TB-Range, especially as the raise of Aisuru-Botnet dominated the botnet-landscape
- Horizontal Flooding aka Multivector/Multilayer: the „everything, eveywhere, everytime“ – attacks became popular, establishing HTTP-Carpetbombing as a valid attack vector
- Proxies: widely used, proxies have become a standard tool for attackers, especially when used as rapid rotation proxies
- Attackers Have Professionalized Further: instead of noisy continuous fire, attackers learned that short surgical attacks can cause impact without beeing detected
- physical DDoS is still a thing, so we track them
- use of AI: mostly seen ITW to help browsers bypass captchas, reports suggest that AI is also used along all stages of the killchain
Outlook for 2026
- AI on the Attacker Side: single tools will develop into attack-frameworks to execute surgical and precise attacks
- API-Attacks: with the rise of AI-tooling everywhere, the attack surface especially for APIs broadens
English 
German