IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Global cyber attack map red lines to glowing datacenter racks
#
DDoS
#
Fintech
#
Application Security

Radware warns of surging DDoS & app attacks in 2025

Fri, 20th Feb 2026
Author image
By Sean Mitchell, Publisher

Radware reports a sharp rise in distributed denial-of-service (DDoS) attacks and malicious application traffic in 2025. Network-layer DDoS volumes rose 168.2% year on year, while web DDoS increased 101.4%, according to its latest global threat analysis.

The findings portray a threat environment where attackers combine network disruption with application-layer abuse and automation. Radware observed growing speed and scale across DDoS, malicious bot activity, and exploitation of vulnerabilities affecting web applications and APIs.

Network DDoS

Network-layer DDoS attacks targeting layers 3 and 4 rose 168.2% compared with the prior year, with peak volumes approaching 30 Tbps. Radware also reported a high frequency of attacks per customer during the second half of 2025.

During that period, the average Radware customer experienced more than 25,351 network-layer DDoS attacks, or about 139 per day. The report describes this as a return to large-scale volumetric attacks designed to overwhelm network capacity.

Technology, telecommunications and financial services were the most targeted sectors for large network DDoS campaigns. Technology accounted for 45% of all network-layer DDoS attacks, up from 8.77% in 2024, based on Radware's data.

By geography, North America accounted for 63.1% of network-layer DDoS attacks recorded globally, followed by the Middle East at 16.1% and Europe at 13.7%.

Web DDoS

At the application layer, web DDoS attacks targeting layer 7 rose 101.4% compared with 2024. Radware linked the increase to disruption campaigns focused on customer-facing services rather than raw bandwidth saturation.

Many high-impact web DDoS incidents now last less than 60 seconds. In addition, 94.4% of measured web DDoS attacks were under 100,000 requests per second, suggesting smaller but more frequent attacks designed to stay below detection thresholds.

Online services, financial services and retail organisations saw the highest volumes of web DDoS activity. EMEA was the most targeted region, accounting for 57% of attacks. APAC recorded the fastest growth, with web DDoS rising 485% year on year.

Apps and APIs

Malicious web application and API transactions rose 128% year on year. Radware described the application layer as the main battleground for current cyberattacks, particularly for organisations running extensive API ecosystems.

Vulnerability exploitation accounted for 41.8% of application-layer attacks observed by Radware. That share rose to nearly 58% in the fourth quarter of 2025, as attackers moved away from "commoditized techniques" and increased their use of vulnerability exploitation, business logic attacks and API abuse.

Technology-driven organisations, including SaaS providers, cloud platforms and fintech firms, faced the highest levels of application-layer exploitation in the data set. North America and EMEA accounted for most of the malicious application and API traffic tracked by Radware.

Automated threats

Automation remained a dominant feature of the findings. Bad bot activity increased 91.8%, which Radware attributed to the spread of generative AI tools and wider access to automation used for credential stuffing, scraping and account takeover.

In the first six months of 2025, bad bot activity reached 89.2% of the total volume observed across all of 2024, according to Radware. North America accounted for 40.7% of malicious bot transactions, followed by APAC at 25%, EMEA at 19.1% and Central and Latin America at 15.2%.

Hacktivist focus

The report highlights hacktivism as a sustained driver of DDoS activity, linking targeting patterns to geopolitical and ideological conflict. Europe accounted for 48.4% of claimed hacktivist attacks tracked by Radware, compared with 17.7% in the Middle East and 17.5% in Asia.

Israel, the United States and Ukraine were the most targeted countries by volume of claimed attacks, at 12.2%, 9.4% and 8.9% respectively, based on Radware's data. Government services were the most targeted sector, accounting for 38.7% of claimed attacks.

The group NoName057 (16) claimed 4,693 attacks, which Radware said was a record and made it the most active hacktivist entity in history.

Radware said the combined rise in short-lived web DDoS, large network floods and increased exploitation leaves security teams with less warning time and a wider range of attack methods across network and application environments.

"The threat landscape continues to evolve with unprecedented speed and complexity," said Pascal Geenens, Vice President of Threat Intelligence at Radware.

Radware plans to hold a webinar in which Geenens will discuss the report's analysis of network and application attack trends observed during 2025.

Related stories
Mars expands Google Cloud AI tie-up with Gemini Enterprise
Eseye adds SGP.32 support to AnyNet+ eSIM platform
Vodafone & Google Cloud launch AI & security tools
Valeo expands Google Cloud tie-up with Gemini rollout
ISACA launches AI risk certification amid governance gap

Top stories

Zapier expands AI governance controls for enterprise users
Firefly links moving media inventory to VIOOH platform
Portal26 launches token controls for autonomous AI agents
Avatier launches offline card after Stryker cyberattack
Merck signs USD $1 billion AI deal with Google Cloud