Experts recorded the growth of DDOS attacks in the first quarter of 2025
The number of DDOS attacks in the first quarter of 2025 has more than doubled compared to the same period last year, especially went online bugmakers. Despite the increase in cyberosis associated with DDOS-questions, analysts note the tendency to reduce peak values in the power of such attacks. The attackers began to work more subtly and adapt to the actions of IB specialists.
The total number of L3-L4 DDOS attacks (network and transport level) in the first quarter of 2025 increased by 110% relative to the same period of the 2024th, Kommersant experts said Qrator.radar. The average duration of such attacks has fallen noticeably – from 71.7 minutes. to 11.5 minutes., the intensity of network attacks has decreased even more. So, this year this year was an attack on the segment of online bugmakers, which had a 232 Gbit/s bitrate for comparison: in the first quarter of 2024, the record was 882 Gb/s. “Over the past six months, DDOS attacks have doubled. For example, on March 15, 2025, an attack in 4 Gb/s was attacked us. But even in the case of the most large-scale DDOS attacks, we successfully opposed them, ”the betting league said. Fonbet “Kommersant” said that the last few years “they really fix the steady increase in the number of cyber attacks on services: the load of DDOS attacks and attempts of unauthorized access increases by an average of 25-30 % annually.”
108 hours
It was the duration of the most long DDOS attack in 2024, according to Roskomnadzor.
The main goals of the DDOS attacks in the reporting quarter were companies from the IT and telecom spheres, fintech and e-commerce, they say in Qrator.radar. Attacks on the telecom not only give a wide public outcry, but also cause the inaccessibility of services among other players who use their services, explain in Servicepipe. For example, in the first quarter of 2025, attacks on one of the largest mobile operators led to the inaccessibility of the services of individual credit organizations. The financial industry and E-commerce are also traditionally in the field of interests of attackers. The three-leading countries among the sources of network attacks were Russia (28.2%), the USA (14.4%) and Brazil (6.1%), they say in Qrator.radar.
Attackers are less likely to use the tactics “from a gun on sparrows”, explains Sergey Levin, head of the Anti-DDOS SOLAR ANTI-DDOS department: “This is due to an increase in the general level of security of Russian companies and increasing their common maturity in IB matters.” Attacks are no longer so willing to spend resources on ineffective methods and prefer to concentrate on other types of attacks, potentially more productive, he says.
Earlier, Kommersant reported the growth of hacker attacks on the organization of healthcare sector in the first quarter of 2025. The total number of attacks since the beginning of the year at the healthcare organization amounted to slightly less than 2.4 thousand. At the same time, 40% of them were on the pharmaceutical industry (See “Kommersant” from April 24).
Hackers are increasingly using the specific chains of packages, including attacks on DNS, ServicePipe Products Mikhail Khlebonov give an example. But much more often, according to him, multi-vector carpet attacks began to occur when malicious traffic goes along many IP addresses at the same time with a relatively small load on a separate IP address. If a powerful targeted attack is easy to detect according to statistical anomalies and immediately send traffic to clean, then it becomes more difficult to react to the carpet, adds the head of the IBC of the Telecom Exchange, Alexander Blemostov. However, analysts agree that you should not forget about powerful point attacks.
At the end of March 2025, Qrator.Radar analysts discovered an attack of a huge DDOS-beet, which significantly exceeds in size of past records: 1.3 million infected devices (this is almost six times more than in the largest DDOS-Botnita 2024). It was this botnet that also attacked the segment of online bugmakers for almost two and a half hours.
“The growth of botnets is a stable trend that we will observe for a long time,” said Alexey Semenichev, head of the analytics department of threats of IB Garda Gard. IOT devices remain a reliable source of new devices for infection and subsequent use in DDOS attacks, he adds: “Smart TVs, refrigerators, microwaves, video surveillance cameras have weak protection systems in their firmware and become simple prey for the hacker.” Also, according to the Telecom Exchange, an important role in the growth of botnets plays the spread of malicious programs in the corporate environment. “Attackers can compromise the organization, but not in order to lure money from there, encrypt the infrastructure, etc., but for the use of infected devices as a resource for large attacks,” says Mr. Bleznzev.
