European Cyber Report 2025: 137% more DDoS attacks than last year

Cyberattacks are no longer an abstract threat – they dominate risk planning for companies worldwide. The latest Link11 European Cyber Report shows an alarming trend: the number of DDoS attacks has more than doubled, and they are shorter, more targeted, and more technically sophisticated. Organizations that fail to continuously adapt their security strategies risk massive financial and long-term reputational damage.

The numbers speak for themselves

• 137% more DDoS attacks on the Link11 network compared to last year.
• A new scale has been reached: The largest attack measured to date was 4 terabits per second (Tbps).
• Attacks are shorter and highly effective: Two-thirds of all attacks peaked in just 10 to 60 seconds.
• Multi-vector attacks are setting new standards: The combination of different attack vectors makes defense more difficult and requires more precise protection.

Why organizations should act now

The Allianz Risk Barometer 2025 confirms that digital transformation offers not only opportunities, but also new targets. Cybercriminals use powerful botnets and more sophisticated attack techniques than ever before, and the speed of DDoS attacks is increasing as a result. One specific case illustrates how sophisticated attacks are pushing organizations to their limits.

Multi-vector DDoS: When Network Load Meets Application Attacks

A four-day attack combined Layer 3/4 and Layer 7 techniques, putting both infrastructure and web applications under massive pressure. Link11 recorded a total of 120 million requests, resulting in more than a million WAF logs – a load that quickly overwhelmed conventional defenses.

The attackers’ strategic approach was particularly striking:

• Layer 3/4 attacks: Massive data streams overwhelm the network infrastructure.
• Layer 7 attacks: APIs and web applications were deliberately crippled with complex queries.
• Dynamic attack patterns: Attacks were launched in waves to test the response times of defenses.

Organizations that do not continuously adapt their IT security strategy risk becoming victims of targeted attacks. Web applications and APIs are particularly targeted by cybercriminals because they often handle sensitive data and control critical business processes.

Modern security architecture is the key to resilience

The incident highlights the fact that traditional DDoS defenses are no longer sufficient. DDoS mitigation must adapt to new threats. Enterprises are increasingly relying on AI-powered systems to detect and block attacks in real time. In addition, web application and API (WAAP) protection is becoming more important due to the prevalence of this attack vector.

Combining advanced protection solutions:

• AI-based attack detection for early detection of suspicious patterns
• Bot management to block automated attacks
• Adaptive WAF systems that adapt in real time

A holistic security strategy combines advanced DDoS mitigation, continuous monitoring, and adaptive protection mechanisms. “The increasing number of DDoS attacks shows that cybercriminals continue to rely on this proven method. However, the shortened attack time does not mean that the threat is decreasing – on the contrary: companies need to react faster and further optimize their defense mechanisms,” said Jens-Philipp Jung, CEO of Link11.

The full European Cyber Report 2025 can be downloaded here.

Share this post