DDoS Attacks—
Evolving Game of
Threat Actors
The 2025 Global DDoS Weapons Report
DDoS Attacks
Grow Exponentially
Globally, DDoS attack volume continues to grow exponentially from Gbps in the early 2010s to terabits by 2024—an increase of twenty times, with early 2025 reports of 350 percent increase in DDoS attack volume to more than six terabits. Frequency has also increased—in 2024, the number of DDoS attacks doubled from the prior year.
This report uses data collected by the A10 Networks threat research team through a combination of internet scanning, patented deception techniques, and open-source intelligence to provide a snapshot of a constantly changing global landscape with insight into the sources, types, and other characteristics of DDoS attacks and weapons used.
APIs and API Gateways are
Top Attack Targets
This increase in the volume and frequency of attacks is less significant than the increase in sophistication and diversity of the attackers and their use against APIs and API gateways. API-based attacks are more granular and persistent and particularly challenging for enterprises to combat.
Eight Countries Provide Half of
the Global DDoS Weapons
Attackers use diverse attack vectors and multiple protocols, leveraging weapons hosted all over the world. This report provides details on the sources (regions, countries, and organizations) that host these weapons.
- U.S.
- Russia
- China
- Italy
- India
- South Korea
- Vietnam
- Venezuela
Amplifiers Comprise
Most Tracked Weapons
There are millions of amplifiers available to attackers, largely because the techniques leverage legitimate process of foundational internet protocols such as DNS, NTP SNMP and SSDP to respond to various requests. A10 tracks amplification weapons by the protocol used. A total of thirty-one individual categories is tracked and included in these samples.
Download the Report for More Insights
DDoS Attacks—
Evolving Game of
Threat Actors
