The number of Distributed Denial-of-Service (DDoS) attacks has increased significantly and they’re getting more powerful and disruptive, analysis by cybersecurity researchers has warned.
The Radware 2026 Global Threat Analysis Report has detailed what is described as a “dramatic escalation in cyber-attack activity” during 2025, with a 168% increase in DDoS attacks compared with 2024.
The figure is based on analysis of Radware customer data. During 2025, the average Radware customer faced more than 25,351 attempted DDoS attacks during the reporting period – equivalent to 139 attempted incidents a day.
Technology, telecommunications and financial services were the most targeted sectors. According to Radware, the technology sector represented 45% of all network-layer DDoS attacks – an increase of almost 9% compared with the previous year.
“This growth was not an isolated event but an accelerating trend, with the attack frequency escalating to alarming levels,” the report warned.
“The changes observed are not merely incremental; they represent a new reality defined by unprecedented scale, algorithmic speed and a complete transformation of the underlying attack infrastructure.”
DDoS Attacks are Faster, Stronger and Harder to Stop
The average attack time for most common DDoS attacks – those which registered between 100 and 500Gbps – is just over ten hours. However, the most powerful DDoS now appear to be designed to hit hard and hit fast, with multi-terabit attacks which last an average of 35 minutes
The most high-impact web DDoS attacks now last less than 60 seconds, which makes them difficult to detect and defend against, because by the time the attack has occurred, it is already too late to stop it.
“The threat landscape continues to evolve with unprecedented speed and complexity,” said Pascal Geenans, vice president of threat intelligence at Radware.
While DDoS attacks have become more frequent and more powerful, the main driver behind the campaigns remains the same: Hacktivism.
The Radware report noted how the “persistent, high-volume threat” is sustained by a mature ecosystem which uses hundreds of Telegram channels to coordinate attacks and post about campaigns to amplify their visibility and impact.
During 2025, DDoS attacks impacted organizations around the world, but the three most targeted countries were Israel (12.2%), the US (9.4%) and Ukraine (8.9%).
Analysis of attacks suggested pro-Russian groups were responsible for the highest number of campaigns.
“This distribution underscores the role of hacktivism as a proxy weapon in international conflicts, used to disrupt the digital infrastructure of perceived state adversaries,” said Radware.
To defend against, automated, fast-moving modern DDoS attacks, the report recommended that organizations must become proactive in their cyber defence, with the ability to detect and protect against suspected DDoS campaigns before they happen.
“The critical question for 2026 is no longer about the persistence of the threat, but the agility of the response,” the report concluded.
