Cyberattacks Surge in 2025: AI-Driven DDoS Threats Reach Record Levels

Listen to this Post

Featured Image

Rising Wave of Digital Threats

The first half of 2025 has brought a level of cyber aggression unlike anything seen before, according to new data from cybersecurity firm Radware. The report reveals a staggering escalation across multiple attack types, painting a picture of a digital battlefield transformed by automation and AI-powered offensive tools. Web-based DDoS attacks rose 39% compared to late 2024, with the second quarter alone posting a 54% quarter-over-quarter leap. Application-layer assaults climbed 33%, while malicious bot activity exploded by 57%, signaling a fundamental change in both the scale and nature of online threats.

Shift Toward AI-Enhanced Attack Tactics

Radware’s findings highlight a clear pivot in strategy among cybercriminals. Instead of the traditional massive volumetric DDoS floods, attackers are increasingly favoring smaller, more persistent campaigns under 100,000 requests per second (RPS). These smaller strikes are harder to detect and disrupt, often running continuously to exhaust targets over time. This trend is closely linked to the proliferation of generative AI-based attack tools, which have made advanced DDoS capabilities accessible to a broader range of threat actors, including loosely coordinated hacktivist groups and amateur cyber gangs.

Despite this shift toward sustained smaller-scale operations, the upper limits of DDoS firepower remain daunting. The first half of 2025 saw peak events hitting 10 million RPS, proof that elite attackers still wield devastating capabilities.

Explosive Growth in Network-Layer Assaults

Network-level (L3/L4) DDoS activity roared back to prominence, surging by 85.5% from late 2024. The average Radware customer faced 7,281 mitigation events per quarter by Q2 2025—an astonishing 485% rise from Q1 2022. Amplification attacks were dominated by DNS and NTP vectors, which together accounted for nearly 90% of total attack volume. Meanwhile, the SIP protocol emerged as a dangerous new target, threatening VoIP and communication systems worldwide.

Regional Hotspots and Hacktivist Surge

The EMEA region absorbed more than half of all Web DDoS attacks, with APAC seeing rapid growth in targeting. North America faced nearly 46% of network-layer attacks, most of them UDP-based floods. On the hacktivism front, activity remained intense, with nearly 9,200 DDoS incidents claimed on Telegram—a 62% year-over-year increase. Europe was the most targeted region, followed by Israel, the United States, and Ukraine.

The notorious NoName057(16) group retained its top spot, responsible for almost 40% of all hacktivist DDoS claims. Government agencies bore the brunt of these politically motivated offensives, making up 39% of the targeted entities, followed by the manufacturing, finance, and education sectors.

Radware’s conclusions are based on a combination of threat data from its global cloud scrubbing centers, managed devices, and intelligence gathered from almost 650 monitored Telegram channels. The report serves as a warning that the digital threat environment is evolving faster than many defenses can adapt.

What Undercode Say:

The latest Radware report underscores a pivotal moment in cyberwarfare. The data suggests that 2025 may be remembered as the year AI fundamentally altered the balance between attackers and defenders. The rise of small, persistent DDoS strikes shows that threat actors are increasingly focused on stealth and sustainability, eroding the traditional advantage defenders had in spotting large-scale spikes.

Generative AI has lowered the barrier to entry, enabling even unskilled operators to launch sophisticated campaigns. This democratization of attack capability is particularly dangerous because it multiplies the number of active players in the threat landscape. It also blurs the line between state-sponsored, criminal, and hacktivist activity, as these groups often share tools, tactics, and even targets.

The resurgence of network-layer attacks is not just a technical concern but a strategic one. By overwhelming infrastructure-level defenses, these attacks can cripple essential services, disrupt communications, and cause cascading economic impacts. The prominence of DNS and NTP vectors points to attackers exploiting the core fabric of the internet, while SIP targeting suggests an increased focus on communications infrastructure, possibly as part of hybrid warfare strategies.

Regionally, the distribution of attacks hints at geopolitical undercurrents. EMEA’s sustained targeting reflects ongoing tensions in Eastern Europe and the Middle East, while the spike in APAC activity may be linked to rising regional disputes and economic rivalries. North America’s vulnerability to high-volume network floods exposes critical weaknesses in infrastructure that adversaries are clearly willing to exploit.

Hacktivism’s rise, particularly with the visibility of claims on Telegram, shows that the public-facing aspect of these attacks is as important as the disruption itself. Groups like NoName057(16) are not only attacking systems but also curating a narrative to amplify political messages. This psychological warfare dimension should not be underestimated, as it fuels further recruitment and emboldens other actors.

For defenders, the challenge is twofold: upgrading technical defenses to counter AI-driven, low-and-slow attack patterns while also building resilience against the sudden spikes of volumetric assaults. Organizations must invest in AI-driven defense systems themselves, capable of detecting behavioral anomalies and reacting in near real time. At the same time, inter-sector collaboration and government-private partnerships will be critical to identifying threats earlier and minimizing their impact.

The takeaway is clear—cybersecurity strategies built for the threat landscape of 2023 or 2024 are already outdated. The enemy has evolved, and unless defensive measures evolve faster, the balance of power will tilt dangerously toward attackers. The pace of change in 2025 suggests that the second half of the year may bring even more sophisticated and damaging campaigns, particularly as geopolitical tensions remain high.

🔍 Fact Checker Results:

✅ The growth percentages for Web DDoS, application-layer, and bot activity match Radware’s published statistics.
✅ Geographic and sectoral targeting aligns with known threat actor patterns and past Radware findings.
❌ No independent confirmation yet on the exact number of claimed hacktivist attacks on Telegram.

📊 Prediction:

By the end of 2025, AI-powered DDoS tools will become even more autonomous, requiring minimal human input to launch and adapt attacks in real time. This will likely result in a further surge in both frequency and sophistication, with multi-vector campaigns blending small sustained attacks with high-volume bursts to overwhelm even advanced mitigation systems. Governments and enterprises that fail to integrate adaptive AI into their defenses will face unprecedented service disruptions.

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: cyberpress.org
Extra Source Hub:
https://www.reddit.com/r/AskReddit
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon