Craig Lusher from our Secure team provides a comprehensive analysis of the latest Distributed Denial of Service (DDoS) statistics from the first quarter of the year and their implications for cybersecurity trends.
The first quarter of 2025 has revealed significant changes in the DDoS threat landscape, characterised by a substantial increase in attack frequency, the emergence of ‘carpet bombing’ techniques and growing trends targeting the iGaming sector. With attack methodologies evolving and becoming more sophisticated, this report provides critical insights for cybersecurity planning and threat mitigation.
The first quarter of 2025 has shown a noticeable increase in DDoS attack activity, with 161 attacks recorded. This represents a rise from 4Q 2024’s 138 attacks and a dramatic increase from 1Q 2024’s 58 attacks. The most active month was February, which continues to show vulnerability during winter months.
1Q 2025 showed the following patterns in attack intensity:
While individual attack sizes appear smaller compared to historical peaks (2Q 2023’s 560.6 Gbps), this represents a strategic shift rather than reduced threat capability. Intelligence indicates that attackers now possess capabilities exceeding 500 Gbps but are employing more targeted and distributed approaches that can bypass traditional detection mechanisms.
1Q 2025 has shown a marked increase in attacks specifically targeting the online gambling and casino sector, with intelligence indicating a 400% rise in attacks against these entities since February. This industry-specific targeting represents a prominent trend that requires specialised attention and defence mechanisms.
Key statistics for 1Q 2025:
On 26 February, a carpet-bombing incident targeted 53 networks within a short 6-minute window (03:41-03:47 UTC). While this attack peaked at 150 Gbps with 120 Mpps, its distributed nature allows it to circumvent traditional defence systems, potentially resulting in a significant customer impact.
Comparing 1Q 2025 with recent quarters reveals several trends:
This shows a clear trend of increasing attack volumes over the past three quarters, with a 372% increase from 3Q 2024 to 1Q 2025.
While individual attack volume metrics appear to show decreasing intensity, this is misleading as attacks are now distributed across multiple targets simultaneously, making traditional detection mechanisms less effective.
The number of affected customers has increased dramatically in 1Q 2025, indicating a broader targeting strategy. Of particular note is the observed ‘spray’ technique that targets entire network Classless Inter-Domain Routing (CIDR) blocks rather than individual IPs, affecting multiple customers simultaneously.
1Q 2025 has seen the emergence of carpet bombing or spray attacks that distribute traffic across multiple hosts within targeted IP ranges. These attacks:
Comparing 1Q 2025 to 1Q 2024 shows significant changes in the threat landscape:
Intelligence indicates a notable correlation between DDoS attacks and subsequent data breaches in the iGaming sector. 1Q 2025 has seen examples of multiple organisations experiencing what appears to be a new attack pattern:
Unlike traditional ransomware operations, these attacks show no ransom demands prior to data release, indicating a potential shift in threat actor motivations from financial gain to maximum disruption or competitive advantage.
The transition to carpet-bombing techniques represents a significant evolution in DDoS tactics. These attacks distribute traffic across multiple targets within a network range, using traffic volumes per target that stay below conventional detection thresholds.
Intelligence indicates a targeted campaign against the iGaming sector, with a 400% increase in attacks since February 2025.
The average attack duration has increased dramatically to 4.3 hours, with the longest attack lasting 54 hours. Short, intense attacks (3-6 minutes) are now frequently observed as reconnaissance to test defence capabilities before launching larger campaigns.
Intelligence suggests a rising trend of AI technology adoption by threat actors. Self-hosted AI tools are enabling more sophisticated and unpredictable attack patterns that traditional defence mechanisms struggle to detect. These AI-enhanced attacks show several characteristics:
Based on 1Q 2025 attack patterns, particularly the emergence of carpet-bombing techniques, the following defence strategies are recommended:
The increase in attack volumes and sophistication in 1Q 2025 indicates a significant evolution in the threat landscape. Organisations should prepare for:
The 26 February incident, which affected 53 networks within a 6-minute window, demonstrates the effectiveness of these new attack methodologies and highlights the need for enhanced detection and mitigation capabilities.
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device, phishing defence and MFA services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.
Craig Lusher from our Secure team provides a comprehensive analysis of the latest Distributed Denial of Service (DDoS) statistics from the fourth quarter of the year and their implications for cybersecurity trends.
The fourth quarter of 2024 marked a significant shift in DDoS attack patterns, with 138 recorded incidents. This represents a substantial increase from 3Q’s 37 attacks, though remaining well below historical peaks like 2Q 2023’s 1,106 attacks. October emerged as the most active month, aligning with historical patterns of increased 4Q activity.
This is a trend not just at Continent 8. In fact, 4Q also happened to see the largest DDoS attack ever recorded, with Cloudflare mitigating a 5.6 (Terabits per second) Tbps Mirai-variant botnet attack on one of their customers on October 29.
4Q 2024 demonstrated interesting patterns in attack intensity:
This quarter’s largest attack of 13.4 Gbps represents a decrease from 3Q 2024’s peak of 37.0 Gbps. For perspective, this is dramatically lower than 4Q 2023’s peak of 412.9 Gbps, indicating a significant shift in attack methodologies.
Key statistics for 4Q 2024:
Key statistics for 4Q 2024:
Comparing 4Q 2024 with recent quarters reveals several interesting trends:
This shows a significant escalation in attack frequency during 4Q.
While attack frequency increased, intensity continued to decrease throughout the year.
The decrease in affected customers coupled with the dramatic increase in attacks per customer suggests a shift toward more targeted campaigns.
Comparing 4Q 2024 to 4Q 2023 shows significant changes in the threat landscape:
The higher volume but lower intensity of attacks suggests a fundamental shift in attacker strategies, focusing on persistent, lower-threshold campaigns rather than high-impact events.
The concentration of attacks on fewer customers, with more attacks per target, indicates a move toward more sophisticated, focused operations.
The shorter average attack duration (17.6 minutes) combined with increased frequency suggests a tactical shift toward ‘pulse’ style attacks rather than sustained campaigns.
While individual attack intensities have decreased significantly year-over-year, the dramatic increase in frequency and focus on specific targets suggests an evolution in threat actors’ strategies. The pattern of increased 4Q activity appears to be holding true, though manifesting differently than in previous years.
Organisations should prepare for:
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device, phishing defence and MFA services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.
Craig Lusher from our Secure team provides a comprehensive analysis of the latest DDoS statistics from the third quarter of the year and their implications for cybersecurity trends.
The third quarter of 2024 has continued to show relatively low DDoS attack activity, with 37 attacks recorded. This represents a slight increase from 2Q’s 32 attacks but remains significantly lower than the 359 attacks recorded in 3Q 2023. The most active month was July, which aligns with historical patterns of increased summer activity.
3Q 2024 showed some interesting patterns in attack intensity:
This quarter’s largest attack (16.8 Gbps) represents a significant decrease from 2Q 2024’s peak of 85.5 Gbps. For perspective, this is dramatically lower than the massive attacks seen in 2023, which peaked at 560.6 Gbps in Q2 2023, and over 1Tbps prior to that.
Key statistics for 3Q 2024:
Comparing 3Q 2024 with recent quarters reveals several interesting trends:
This shows a relative stabilisation at lower attack volumes compared to 2023’s numbers.
While more intense than 1Q, 3Q’s attacks remained relatively moderate compared to historical peaks.
The consistent number of affected customers over 2Q and 3Q 2024 suggests a stable threat landscape, though individual customers faced more repeated attacks in 3Q.
Comparing 3Q 2024 to 3Q 2023 shows a dramatic shift in the threat landscape:
The lower volume but moderate intensity of attacks suggests a shift in attacker strategies, possibly focusing on more targeted, strategic attacks rather than broad campaigns.
The average attack duration of 2 hours shows a trend toward longer, more sustained attacks compared to previous quarters, potentially indicating more sophisticated attack strategies.
While attack volumes remain relatively low compared to 2023 and previous, the increase in attacks per individual customer and attack duration suggests continued evolution in threat actors’ strategies. Organisations should maintain robust DDoS protection despite the lower overall attack volumes, as the pattern of attacks suggests more targeted and potentially more sophisticated approaches.
The historical pattern of increased activity during major sporting events and holiday periods suggests potential for increased activity in the upcoming quarters, particularly with various significant events on the horizon.
This analysis demonstrates the importance of maintaining comprehensive DDoS protection and the value of Continent 8’s multi-layered security approach, even during periods of relatively low attack volume.
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device and phishing defence services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.
Craig Lusher from our Secure team takes a deep dive into the latest DDoS stats from the second quarter of the year
As was the case in the first quarter of 2024, Continent 8 continues to see a decline in DDoS attacks against its customers with just 32 incidents reported across customers in the second quarter of the year. This marks a 45% decrease from the 58 attacks recorded in the previous quarter and is a mere fraction of the 1,106 DDoS attacks successfully thwarted during the corresponding period in 2023.
The quarter’s fluctuation in the number of attacks per month, with 8 in April, 5 in May and 19 in June, indicates varying attack campaigns or possibly enhanced defensive strategies.
The intensity of attacks in the second quarter of 2024 escalated significantly than in the previous quarter in terms of peak attack size:
This quarter’s surge in peak attack intensity, particularly in June, indicates a concerning trend towards more powerful DDoS attempts, despite their decreased frequency.
The highest number of attacks a single customer faced was 7, a significant reduction from the peak of 25 attacks in the first quarter. This data indicates a shift towards a more distributed pattern of attacks in the second quarter compared to the first quarter.
The timing and frequency of attacks in the second quarter of 2024 reveal some interesting trends:
These figures indicate that while there were fewer attacks overall, they tended to last longer on average, with some attacks being significantly more persistent than in the previous quarter. Prolonged attacks can strain resources for unprotected customers, potentially leading to substantial disruptions if critical systems or services are compromised by malicious activity.
The second quarter of 2024 witnessed a significant reduction in overall DDoS activity compared to the first quarter. However, there has been a concerning uptick in the intensity of attacks, particularly in June, posing a greater risk of potential damage. The fluctuations observed throughout the quarter, peaking with a spike in June, suggest evolving DDoS attack strategies. Employing an advanced DDoS mitigation system and solution is essential to safeguard against potential threats.
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device and phishing defence services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.
Join Craig Lusher from our Secure team as he takes a deep dive in the latest DDoS stat from the first quarter of the year
It’s been a quiet start to the year in terms of the number of DDoS attacks being launched against Continent 8 customers. In the first three months of 2024, we recorded just 58 attacks across 14 customers compared to the 184 recorded during the same period in 2023.
The year started with 17 attacks recorded in January, almost doubling to 30 in February before dropping back down to 15 in March – this compares with 116, 34 and 34 in January, February and March 2023 respectively.
The fluctuation in attack numbers over the first three months of the year suggests varying attack campaigns targeting different customers. Interestingly, the highest number of attacks were launched against customers based in Kahnawake.
The intensity of attacks was far less ferocious than in previous quarters where we registered attacks over 1Tbps – in 1Q24 it was a far more manageable 3Gbps. Throughout the quarter, the average size of attack was <1Gbps which is a record low for Continent 8 in recent years.
While the size of attacks is on the low side, the disparity between the largest and the average is significant and suggests that while most attacks were smaller there were some outliers (including the 3Gbps attack) that increased the average in February and March.
Of the customers attacked over the first three months of the year, one customer was subject to 25 attacks making it the most targeted. This indicates that specific customer was victim to a persistent targeted attack, which is why we recommend organisations deploy our DDoS Mitigation Service.
It also highlights that some organisations are at greater risk than others and may require additional protective measures depending on the products and services they offer and the markets they are active in.
While the scale of attacks was moderate by global standards, their frequency and duration are cause for concern. That total attack duration for Q1 amounted to 36.6 hours, with the longest attack lasting a total of 2.1 hours resulting in an average attack length of 38 minutes for the quarter.
Such durations can strain resources for unprotected customers and potentially lead to significant disruptions if critical systems or services are targeted.
Despite a drop in the number of DDoS attacks on our customers in the iGaming and sports betting industry, the need for DDoS protection is still paramount, especially for customers who are more susceptible and vulnerable to attack. This is certainly the case as we move toward a summer of major sports events including the Olympics and UEFA Euro 2024.
DDoS protection should form part of a wider, multi-layered approach to cybersecurity that also includes WAF/WAAP protection, backup solutions, MDR/EDR services, VAPT assessments, mobile device and phishing defence as well as SIEM and SOC resources.
This is the only way to have multiple protections in place for each attack type, including DDoS, and to ensure the greatest level of resilience.
Of course, our data and analysis should also be used to inform cybersecurity strategies moving forward and for resource allocation for DDoS mitigation efforts.
Our DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
To learn more about how Continent 8 can help defend your organisation against DDoS attacks, contact a member of the team via sales@continent8.com or fill out the form on our Contact Us page
Craig Lusher from our product team reviews the latest attack data with the intensity of attacks peaking in July and with one customer being hit 98 times over the three-month period
The third quarter of 2023 saw a significant reduction in DDoS attacks launched against Continent 8 customers.
The total number of attacks hit 359 during the period, down from 1,106 in Q2 where there was a continuation of the tumultuous adverse events that marked December 2022 with a well-orchestrated campaign that coincided with the World Cup and the festive holidays.
This saw Continent 8 defend 3,367 separate DDoS in the fourth quarter of 2022 alone.
In the third quarter of 2023, the intensity of attacks peaked in July with 195 separate incidents recorded. This was followed by August with 112 and September with 52. Over the three months, 24 unique customers were attacked making it a widespread issue rather than being isolated to a few customers.
On average, each customer faced 15 attacks in Q3, but one customer was subject to 98 attacks indicating a targeted effort and underscoring the need for all organisations to have specialised protective measures in place.
When it comes to the characteristics of attacks, there was great cause for concern with the largest attack hitting a staggering 149.7Gbps which could potentially cripple the most robust networks. The average size of attack was 2.27Gbps – manageable but not negligible.
The highest Peak Packets Per Second (PPS) recorded was 14.6 Mpps, and while this was substantially down on the 317 Mpps recorded in May 2023, it still indicates the scale of some of the attacks launched against Continent 8 customers during the quarter.
This highlights the importance of considering not just the throughput but also the volume of Packets Per Second because even low throughput attacks could involve millions of packets per second, threatening network equipment rather than just internet bandwidth.
This is why it’s vital to take a multi-layered approach to cybersecurity so that systems, networks and data are properly protected from different types of attack at a time when the volume and length of attacks remain high.
One customer was subject to an attack lasting more than 20 hours – so close to a full day. This shows the persistence of attackers. That said, the average attack duration during Q3 was 0.76 hours which comes to about 45 minutes.
This suggests most attacks were aiming for quick disruptions rather than prolonged engagement. Again, this is different to the previous quarter where the longest attack lasted an astounding 800 hours.
Interestingly, there were no attacks exceeding 1 Tbps, but there were four attacks exceeding 100 Gbps and four more in the range of 10-100Gbps. The majority of attacks – 350 altogether – were under 10 Gbps. This compares to a peak attack size of 560 Gbps in Q2.
When it comes to repeat attacks, 10 customers were hit for a second time in a 24-hour period – interestingly, in Q2 there were no instances of customers suffering repeat attacks within 24 hours – so this marks the return of attackers going after the same target multiple times.
The stats for the period from 1 July 2023 to 30 September 2023 relate to our customers based in different locations around the world. Key highlights include:
This quarter’s results show that attack tactics have changed once again with attack size reducing but with significant Packets Per Second being delivered via attacks.
This means that the threat has changed somewhat from earlier in the year – ensuring internet bandwidth is always vital but now more than ever organisations need to protect their network equipment and systems.
There has been a lot of discussion around the changing cyber threat landscape, but this quarter’s stats show that action is crucial if organisations are to ensure resilience and mitigate an attack which is now a case of when and not if.
Our solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Our proven platform is one you can rely on with a capacity only matched by the largest DDoS providers on the planet. Learn more about our DDoS solutions here or contact Craig via craig.lusher@continent8.com
Distributed denial-of-service (DDoS) attacks threaten data integrity of numerous companies worldwide. Unlike a DoS attack, which originates from a single location, DDoS attacks occur from multiple locations simultaneously, making securing data potentially more complicated.
Understanding the mechanism of DDoS attacks and what an enterprise must do to safeguard its data against them is critical. Here Craig Lusher, Senior Product Specialist – Secure, discusses where DDoS attacks originate and why it is important to deploy thorough prevention strategies.
DDoS attacks involve hackers flooding a network or server with fake traffic. They overwhelm the system, disrupting genuine user requests and causing the server to crash. During a DDoS attack, your website will be bombarded with requests from various sources for an extended duration.
These requests are not a result of a sudden increase in legitimate visitors. Instead, they are automated and originate from a limited number of sources, the quantity of which depends on the attack’s size.
DDoS attacks can come from competitors or other entities that intend to disrupt access to website’s content. Either way, it poses significant risks to the company’s integrity.
For instance, research conducted in 2022 revealed a 74 percent increase in DDoS attacks, causing disruptions and financial losses. Most of these attacks targeted the fintech industry, accounting for 34 percent of these attacks and experiencing a twelvefold rise in attack traffic. Experts also predicted that the number of DDoS attacks would double, going from 7.9 million in 2018 to over 15 million by 2023.
Moreover, DDoS attacks can have widespread consequences beyond individual data breaches. They can disrupt entire networks, affecting critical services and the availability of websites and online platforms. For businesses, these attacks can lead to significant financial losses, harm their reputation, and diminish customer trust.
Seeing how significant the impact of DDoS attacks is, use the following strategies to shield your server from these threats.
To strengthen your hosting against DDoS attacks, you need sufficient bandwidth to manage traffic spikes caused by cyber attacks. Increasing bandwidth makes it harder for attackers to execute successful DDoS attacks. However, this won’t be enough to protect your website thoroughly. It would be best to combine it with other mitigation tactics for comprehensive cyber security.
Anticipating a cyber attack in advance is essential for a proactive security architecture, enabling a quick response to potential threats before they can harm your website. An effective security plan includes identifying your response team, prioritizing critical functions, and establishing communication with your Internet Service Provider, which can help stop the attack.
When you notice a sudden increase in traffic to a host, you can use ‘rate limiting’ to manage the incoming traffic at a level the host can handle without causing disruptions. Advanced security goes further by checking each packet to see if it’s valid. If you want to do this effectively, you must understand what normal, legitimate traffic for the target looks like and then compare each packet to this standard. This will help you identify any unusual patterns or potential threats.
To protect against DDoS attacks, your infrastructure should be robust. Instead of relying solely on firewalls, you can diversify your approach by distributing data centers across different networks, avoiding concentration in one location, placing servers in multiple data centers, and ensuring uninterrupted traffic flow without network bottlenecks.
Make sure to follow strong security practices, like changing passwords regularly, using secure authentication, and avoiding phishing attacks. Reducing user errors within your organization enhances safety, even during an attack.
Black hole routing is a method to stop DDoS attacks by discarding harmful traffic before it reaches the target. It works by directing traffic to a non-existent “black hole” interface, effectively blocking traffic from the source of the attack. Although it is a reactive measure, it reduces the impact of DDoS attacks.
A cloud-based DDoS service like Continent 8 is essential for effective protection. The cloud offers more bandwidth than on-premises resources and distributes servers across different locations, enhancing security for many websites with limited resources.
Log monitoring provides valuable insights into your web traffic, enabling real-time threat detection and a faster DDoS mitigation process. By analysing log traffic statistics, you can identify when significant traffic spikes occur and determine the servers affected by the attack. Log analysis can also save time by notifying you about unwanted events in advance, reducing the time and effort needed for troubleshooting.
Your network may slow down unexpectedly, your website could shut down, and you might start receiving an influx of spam. Additional signs of a DDoS attack include slow performance, excessive traffic from a single source, frequent crashes, poor connectivity, and any other unusual patterns, like a sudden surge in traffic from a single IP address.
A web application firewall (WAF) protects against harmful traffic that targets application vulnerabilities. It watches for unusual traffic patterns, blocking malicious ones while allowing legitimate ones. When you position a WAF between your server and the internet, it acts like a shield, ensuring all traffic goes through it first.
Security providers like Continent 8 assist global enterprises in protecting their servers from these malicious attacks. Ensure that you are implementing the industry’s best practices and be adaptive to changes.