Content
Link11 European Cyber Report: DDoS attacks reach record levels in the first half of 2025 – 225% more documented DDoS attacks and new attack tactics threaten critical infrastructure:
- 438 terabytes of attack volume – equivalent to over 7 years of Netflix streaming in 4K
- Increasingly precise Layer 7 attacks that mimic legitimate traffic
- Politically motivated attacks by groups such as NoName057(16) on critical infrastructure
The threat situation in the area of distributed denial-of-service (DDoS) attacks has worsened dramatically in the first half of 2025. According to the latest Link11 European Cyber Report, the number of documented attacks on the Link11 network rose by 225% compared to the same period last year. In addition to the sheer volume, the duration, intensity, and sophistication of attacks have also reached new levels.
Record figures: data avalanches and sustained attacks
In the first half of 2025, the volume of attacks totaled 438 terabytes. This corresponds to the data consumption of 7 years of uninterrupted Netflix streaming in 4K resolution. The recorded peak values of 1.2 terabits per second and 207 million packets per second reached dimensions that can overload even high-performance systems.
The duration has also increased: the longest documented attack lasted more than 8 days. The shift from short flash attacks to coordinated sustained fire through long-term campaigns presents defense systems with ever-changing challenges.
New forms of attack: Precision instead of brute force
While classic volumetric attacks continue to dominate, Link11 analysts are seeing a significant increase in precise Layer 7 attacks. These cleverly disguise themselves in legitimate data traffic by generating seemingly normal requests.
“If they are invisible in regular traffic, 20,000 deceptively genuine requests per minute can be more dangerous than 200 million packets per second,” explains Jag Bains, VP Solution Engineering at Link11.
Politically motivated attacks on critical infrastructure
The connection between geopolitical events and waves of attacks is particularly striking. Pro-Russian groups such as NoName057(16) targeted government agencies, banks, energy suppliers, and city administrations in Europe. These attacks often coincided with security policy decisions. Other groups such as Dark Storm and Keymous also became more prominent.
“The dimensions are frightening. In the first half of 2025, we recorded a total of 438 terabytes of DDoS traffic on the Link11 network. That’s equivalent to more than 7 years of non-stop Netflix streaming in 4K. Comparisons like this illustrate the threat better than any statistics,“ says Jens-Philipp Jung, founder and CEO of Link11. ”European companies urgently need resilient defense strategies to protect their digital sovereignty.”
Professionalization through crime-as-a-service and AI
The attacks are not only bigger and longer, they are also more professionally organized. Attackers are increasingly working together, using DDoS-as-a-service platforms and AI to optimize and camouflage their attacks. The World Economic Forum highlights this automation in its Global Cybersecurity Outlook 2025 as a key driver of the threat landscape.
Resilience instead of reaction required
The report’s findings show that companies and institutions need to consistently expand their security architecture. This includes:
- Real-time monitoring for early detection of attacks
- AI-supported defense systems for automated mitigation
- Contingency plans and redundancy strategies for emergencies
Only with a combination of intelligent defense technology and clearly defined resilience strategies can the consequences of massive attacks on business processes and critical infrastructures be effectively limited.
Share this post
