BURSTThe cybersecurity landscape experienced an unprecedented escalation in digital threats during the first half of 2025, with Web Distributed Denial of Service (DDoS) attacks surging by 39% compared to the second half of 2024.
The second quarter alone witnessed a staggering 54% quarter-over-quarter spike in attack activity, marking the highest levels on record and signaling a fundamental shift in how cybercriminals orchestrate their campaigns.
.webp)
This dramatic increase represents more than just a numerical surge; it reflects a strategic evolution in attack methodologies.
Unlike previous years characterized by massive volumetric assaults, threat actors in 2025 have pivoted toward smaller, more sustained attacks predominantly operating under 100,000 requests per second (RPS).
This tactical shift demonstrates the growing influence of automated tools enhanced by generative artificial intelligence, effectively democratizing DDoS capabilities among loosely coordinated threat groups and enabling new actors to enter the cybercrime ecosystem.
Radware researchers identified that despite the prevalence of smaller-scale attacks, peak capabilities remain formidable, with the largest recorded Web DDoS attack reaching an extraordinary 10 million RPS in the first quarter.
The company’s comprehensive analysis revealed that application-layer exploitation has become equally concerning, with malicious web transactions increasing by 33% compared to the latter half of 2024.
Remarkably, the volume of malicious activity observed in just six months already accounts for 87% of the total recorded throughout the entire previous year.
The threat landscape has been further complicated by a parallel surge in bad bot activity, which increased by 57% during the same period.
These automated threats, designed for fraud, credential stuffing, and data scraping operations, mirror the trajectory of application-layer attacks and underscore the growing sophistication of cybercriminal infrastructure.
Hacktivist groups have also intensified their operations, claiming nearly 9,200 DDoS attacks on Telegram platforms, representing a 62% increase over the first half of 2024.
AI-Enhanced Attack Automation and Persistence Tactics
The emergence of AI-enhanced attack tools has fundamentally transformed the persistence and execution strategies employed by modern threat actors.
Traditional DDoS campaigns relied heavily on brute-force volumetric attacks that were easily detectable and often short-lived.
.webp)
However, the integration of machine learning algorithms and generative AI has enabled attackers to develop more nuanced approaches that can adapt in real-time to defensive countermeasures.
These AI-driven systems can automatically adjust attack parameters such as request patterns, timing intervals, and target selection to maintain persistence while evading detection mechanisms.
The shift toward sustained, lower-volume attacks reflects this technological evolution, as automated systems can maintain prolonged campaigns with minimal human intervention.
Vulnerability exploitation, which accounts for over one-third of all application-layer attacks, has become increasingly sophisticated through AI-assisted reconnaissance tools that can identify and exploit weaknesses faster than traditional manual methods.
The democratization of these capabilities through open-source tools and AI enhancement has lowered the technical barriers for entry, enabling a broader range of actors to conduct effective cyber operations with unprecedented coordination and persistence.
Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.
The post Web DDoS, App Exploitation Attacks Saw a Huge Surge in First Half of 2025 appeared first on Cyber Security News.