Threat actors move to smaller, more persistent attacks

Threat actors are favoring smaller, persistent attacks under 100,000 requests per second, according to a new report. This shift signals a growing dependence on automated, generative AI-enhanced attack tools, reflecting the democratization of DDoS capabilities among loosely coordinated threat actors and new actors entering the scene.

The report from Radware also shows web DDoS attacks rose 39 percent over the second half of 2024. The second quarter set a record with a 54 percent quarter-on-quarter spike.

Among other findings, network-layer DDoS attacks have increased 85.5 percent compared to the second half of 2024. Hacktivists claimed more than 9,200 DDoS attacks on Telegram in the first six months. That is a 62 percent year-on-year increase, showing that hacktivism remains a significant threat.

In addition, online application and API attacks surged 33 percent compared to the previous six months and have already reached nearly 90 percent of 2024’s full-year total. SIP protocol targeting has also emerged as a serious threat to VoIP and communications infrastructure.

Automated threats powered by bad bots surged dramatically, closely mirroring the trajectory of application-layer attacks. Bad bot activity grew by 57 percent in H1 2025 compared to H2 2024, almost reaching 90 percent of the total 2024 volume in just six months. Bots play a growing role in fraud, credential stuffing, data scraping, and digital disinformation. North America is the most targeted region, accounting for 33.8 percent of attacks.

The report’s authors conclude:

Across all categories, one common thread is clear: Threat actors are becoming increasingly agile, resourceful, and synchronized. From lone hacktivists to state-aligned groups and AI-assisted adversaries, the lines between cybercrime, activism, and digital warfare are increasingly blurred.

To confront this rapidly changing threat environment, defenders must adopt a multilayered, intelligence-driven security posture. This includes real-time DDoS detection and mitigation, robust web application firewall (WAF) strategies, anti-bot defenses, and continuous vulnerability management. Moreover, security operations must evolve to incorporate automation, AI, and threat intelligence sharing to match the speed and scale of modern adversaries.

You can get the full report from the Radware site.
