Security
Distributed denial-of-service (DDoS) attacks intensified sharply across Europe in 2025, evolving from short-lived disruptions into near-constant pressure on digital infrastructure, according to Link11’s European Cyber Report 2026.
The report found that the number of DDoS attacks recorded across Link11’s network jumped 75% last year, following a 137% rise in 2024, signaling that large-scale cyber assaults are becoming a permanent structural risk for businesses and critical infrastructure.
Attack volumes reached unprecedented levels. Terabit-scale attacks, once considered rare, became increasingly common in 2025. Link11 documented three attacks exceeding 1 terabit per second during the year, compared with a single such incident in 2024. The largest attack peaked at 1.33 Tbps, delivering more than 120 million packets per second.
In one coordinated campaign, attackers generated a cumulative data volume of 509 terabytes — equivalent to a full day of internet traffic in a mid-sized European city. Analysts also noted a significant shift in attack behavior, with adversaries increasingly favoring endurance over brief traffic spikes.
The longest single attack observed lasted 12,388 minutes, or more than eight consecutive days. Overall, Link11 detected active DDoS activity on 322 days of the year, meaning systems were under attack nearly 90% of the time. “What was once an exception has become the norm,” the report said.
Attackers are also returning more frequently. More than 70% of organizations hit by an initial attack were targeted again, with an average of 2.8 follow-up assaults per incident — an 80% increase from the previous year.
“We are seeing a clear paradigm shift,” said Jens-Philipp Jung, founder and CEO of Link11. “DDoS is no longer a one-off event but a persistent strategic burden on digital business models. Organizations that rely on reactive defenses are already behind.”
Beyond raw bandwidth, the report highlighted the growing use of hybrid tactics combining high-volume floods with long-running, low-intensity attacks designed to evade detection. These campaigns increasingly target applications and APIs, mimicking legitimate traffic while gradually degrading performance.
According to Link11, this evolution is forcing companies to rethink cyber resilience. Traditional network-level defenses alone are no longer sufficient, as modern attacks often operate at the application layer and directly impact revenue, service-level agreements and regulatory compliance.
The report recommends always-on DDoS protection combined with web application and API security, automated mitigation and the integration of DDoS scenarios into broader business continuity planning.
“Digital availability has become a competitive factor,” Jung said. “Cyber resilience now determines whether organizations can operate reliably in an environment of constant technological and geopolitical stress.”
The report found that the number of DDoS attacks recorded across Link11’s network jumped 75% last year, following a 137% rise in 2024, signaling that large-scale cyber assaults are becoming a permanent structural risk for businesses and critical infrastructure.
Attack volumes reached unprecedented levels. Terabit-scale attacks, once considered rare, became increasingly common in 2025. Link11 documented three attacks exceeding 1 terabit per second during the year, compared with a single such incident in 2024. The largest attack peaked at 1.33 Tbps, delivering more than 120 million packets per second.
In one coordinated campaign, attackers generated a cumulative data volume of 509 terabytes — equivalent to a full day of internet traffic in a mid-sized European city. Analysts also noted a significant shift in attack behavior, with adversaries increasingly favoring endurance over brief traffic spikes.
The longest single attack observed lasted 12,388 minutes, or more than eight consecutive days. Overall, Link11 detected active DDoS activity on 322 days of the year, meaning systems were under attack nearly 90% of the time. “What was once an exception has become the norm,” the report said.
Attackers are also returning more frequently. More than 70% of organizations hit by an initial attack were targeted again, with an average of 2.8 follow-up assaults per incident — an 80% increase from the previous year.
“We are seeing a clear paradigm shift,” said Jens-Philipp Jung, founder and CEO of Link11. “DDoS is no longer a one-off event but a persistent strategic burden on digital business models. Organizations that rely on reactive defenses are already behind.”
Beyond raw bandwidth, the report highlighted the growing use of hybrid tactics combining high-volume floods with long-running, low-intensity attacks designed to evade detection. These campaigns increasingly target applications and APIs, mimicking legitimate traffic while gradually degrading performance.
According to Link11, this evolution is forcing companies to rethink cyber resilience. Traditional network-level defenses alone are no longer sufficient, as modern attacks often operate at the application layer and directly impact revenue, service-level agreements and regulatory compliance.
The report recommends always-on DDoS protection combined with web application and API security, automated mitigation and the integration of DDoS scenarios into broader business continuity planning.
“Digital availability has become a competitive factor,” Jung said. “Cyber resilience now determines whether organizations can operate reliably in an environment of constant technological and geopolitical stress.”
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
