New findings reveal that the second quarter of 2025 experienced a significant increase in application-layer DDoS attacks, with financial institutions being the most frequently targeted.

These types of attacks focus on web applications and are difficult to distinguish from normal traffic, as they often mimic legitimate user behavior. Experts at Qrator Labs reported a 74% increase in such attacks compared to the same period in 2024.

Due to their dependence on continuous digital operations and instant online transactions, financial institutions suffered 43.6% of these attacks. E-commerce companies were targeted in 22.6% of cases, while ICT service providers accounted for 18.2%.

In addition, Q2 2025 witnessed the appearance of the largest DDoS botnet ever documented, comprising 4.6 million compromised devices. For comparison, this is over 3.5 times larger than the prior record and nearly 20 times bigger than the biggest botnet seen throughout 2024.

“This sudden surge in application-layer DDoS attacks is directly linked to the growing number of vulnerable devices with high-speed internet access,” explained Andrey Leskin, chief technology officer at Qrator Labs.

“The scale of botnets we're witnessing now would have been unthinkable even a year ago. An attack from a botnet of this size, if not adequately managed, could produce tens of millions of requests, bringing online services to a standstill, causing transaction failures, and halting digital activities entirely."

DDoS attacks aimed at network and transport layers—layers 3 and 4—also grew more intense, with a 43% increase in attacks surpassing 1 Gbps compared to the same period last year.

The longest of these attacks was directed at online gaming platforms and lasted just over four days.

Common application layer DDoS attack techniques

At the application layer, layer 7, most attacks fell under the category of Request Rate Patterns.

The top three countries from which layer 7 DDoS attacks originated during the quarter remained unchanged from last year: Russia at 17%, the US at 16.6%, and Brazil at 13.2%.

Researchers also noted that the longest Layer 7 DDoS attack in Q2 2025 lasted for 65.5 hours.

Qrator Labs recommends that organizations strengthen their incident response strategies, invest in robust DDoS protection solutions, and perform regular stress tests on their infrastructure to build resilience.

"Not all DDoS protection providers are prepared to handle an attack of this scale, meaning even companies with existing defenses may not be ready for the consequences," warned Leskin.

Earlier this month, research conducted by Akamai Technologies and FS-ISAC, a cybersecurity group serving the financial industry, showed a 23% rise in application-layer DDoS attacks against financial institutions from 2023 to 2024.

The financial sector continued to be the primary target for volumetric DDoS attacks year after year, with a notable jump occurring in October 2024.

Stay updated by following php.cn on Google News for all our latest updates, expert insights, and in-depth coverage.

The above is the detailed content of Application layer DDoS attacks are skyrocketing – here's why. For more information, please follow other related articles on the PHP Chinese website!