Application layer DDoS attacks are skyrocketing – here's why
The industry is seen as a prime target thanks to a reliance on online services and real-time transactions
The second quarter of 2025 saw a massive rise in application layer DDoS attacks, new research shows, with financial services firms the biggest target.
Application-layer attacks target web applications and are hard to detect, with malicious traffic closely resembling legitimate user requests. According to researchers at Qrator Labs, the second quarter of this year saw a 74% surge compared to the same period last year.
Thanks to their reliance on uninterrupted online services and real-time digital transactions, financial organizations accounted for 43.6% of these attacks, with eCommerce firms the victim in 22.6% of cases and ICT services accounting for 18.2%.
Meanwhile, the second quarter also saw the emergence of the largest DDoS botnet ever recorded, consisting of 4.6 million infected devices. To put this in context, this is more than 3.5 times larger than the previous record and nearly 20 times larger than the biggest botnet identified in all of 2024.
“The explosive growth of application-layer DDoS attacks is a direct consequence of the rapidly expanding number of vulnerable devices with fast internet connections,” said Andrey Leskin, chief technology officer at Qrator Labs.
“The size of botnets we observe today would have been unimaginable just a year ago. An attack launched by a botnet of this scale, if not properly mitigated, can generate tens of millions of requests, overwhelming online services until websites become inaccessible, critical transactions fail, and entire digital operations come to a halt."
DDoS attacks targeting the network and transport layers - layers 3 and four - got bigger, with 43% more attacks exceeding 1 Gbps than in the same period last year.
The longest targeted online gambling providers and lasted just over four days.
Typical application layer DDoS attack methods
As for the application layer, layer 7, most attacks were classified as Request Rate Patterns.
The top three countries from which layer 7 DDoS attacks originated during the quarter were the same as last year: Russia accounted for 17%, the US for 16.6%, and Brazil for 13.2%.
Researchers noted that the longest Layer 7 DDoS attack in Q2 2025 lasted 65.5 hours.
Qrator Labs said organizations should enhance their incident response plans, invest in advanced DDoS mitigation services and conduct regular infrastructure stress testing to ensure resilience.
"Not every DDoS protection provider is equipped to handle an assault of this magnitude, which means that even businesses with defenses in place may find themselves unprepared for the impact,” said Leskin.
Last month, research from Akamai Technologies and FS-ISAC, a not-for-profit cybersecurity organization for the financial sector, found that application layer DDoS attacks against the financial sector rose by 23% between 2023 and 2024.
The sector remained the leading target for volumetric DDoS attacks year over year, with a major spike in October last year.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- How to recover from a DDoS attack – and what they can teach businesses
- DDoS attackers are pouncing on unpatched vulnerabilities
- A disgruntled ex-Disney employee targeted former colleagues with DDoS attacks
-
Mistral CEO Arthur Mensch thinks 50% of SaaS solutions could be supplanted by AINews Mensch’s comments come amidst rising concerns about the impact of AI on traditional software
-
Westcon-Comstor and UiPath forge closer ties in EU growth driveNews The duo have announced a new pan-European distribution deal to drive services-led AI automation growth
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
-
Former Google engineer convicted of economic espionage after stealing thousands of secret AI, supercomputing documentsNews Linwei Ding told Chinese investors he could build a world-class supercomputer
-
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move onNews Quantum security threats are coming, but a Bain & Company survey shows systems aren't yet in place to prevent widespread chaos
-
LastPass issues alert as customers targeted in new phishing campaignNews LastPass has urged customers to be on the alert for phishing emails amidst an ongoing scam campaign that encourages users to backup vaults.
