Link11 Reports 225% more DDoS attacks in H1 2025 with new tactics against infrastructure

0 3 2 minutes read

Link11 Reports 225% more DDoS attacks in H1 2025

Frankfurt am Main, Germany, 9th September 2025, CyberNewsWire

The threat landscape surrounding distributed denial-of-service (DDoS) attacks intensified significantly in the first half of 2025, according to the latest Link11 European Cyber Report. Documented attacks targeting the Link11 network increased by 225% compared to the same period in 2024. The report highlights not only a marked rise in attack frequency but also a substantial escalation in their duration, intensity, and technical sophistication. Notably, attackers deployed volumes reaching 438 terabytes—equivalent to over seven years of continuous 4K Netflix streaming—and increasingly employed Layer 7 attacks that closely mimic legitimate user traffic. The report also identifies politically motivated campaigns, including those attributed to groups such as NoName057(16), targeting critical infrastructure.

Record figures: data avalanches and sustained attacks

In the first half of 2025, the volume of attacks totaled 438 terabytes. This corresponds to the data consumption of 7 years of uninterrupted Netflix streaming in 4K resolution. The recorded peak values of 1.2 terabits per second and 207 million packets per second reached dimensions that can overload even high-performance systems.

The duration has also increased: the longest documented attack lasted more than 8 days. The shift from short flash attacks to coordinated sustained fire through long-term campaigns presents defense systems with ever-changing challenges.

New forms of attack: Precision instead of brute force

While classic volumetric attacks continue to dominate, Link11 analysts are seeing a significant increase in precise Layer 7 attacks. These cleverly disguise themselves in legitimate data traffic by generating seemingly normal requests.

“If they are invisible in regular traffic, 20,000 deceptively genuine requests per minute can be more dangerous than 200 million packets per second,” explains Jag Bains, VP Solution Engineering at Link11.

Politically motivated attacks on critical infrastructure

The connection between geopolitical events and waves of attacks is particularly striking. Pro-Russian groups such as NoName057(16) targeted government agencies, banks, energy suppliers, and city administrations in Europe. These attacks often coincided with security policy decisions. Other groups, such as Dark Storm and Keymous also became more prominent.

“The dimensions are frightening. In the first half of 2025, we recorded a total of 438 terabytes of DDoS traffic on the Link11 network. That’s equivalent to more than 7 years of non-stop Netflix streaming in 4K. Comparisons like this illustrate the threat better than any statistics,“ says Jens-Philipp Jung, founder and CEO of Link11. ”European companies urgently need resilient defense strategies to protect their digital sovereignty.”

Professionalization through crime-as-a-service and AI

The attacks are not only bigger and longer, they are also more professionally organized. Attackers are increasingly working together, using DDoS-as-a-service platforms and AI to optimize and camouflage their attacks. The World Economic Forum highlights this automation in its Global Cybersecurity Outlook 2025 as a key driver of the threat landscape.

Resilience instead of reaction required

The report’s findings show that companies and institutions need to consistently expand their security architecture. This includes:

Real-time monitoring for early detection of attacks

AI-supported defense systems for automated mitigation

Contingency plans and redundancy strategies for emergencies

Only with a combination of intelligent defense technology and clearly defined resilience strategies can the consequences of massive attacks on business processes and critical infrastructures be effectively limited.

About Link11

Link11 is a specialized European IT security provider that protects global infrastructures and web applications from cyberattacks. Its cloud-based IT security solutions help companies worldwide strengthen the cyber resilience of their networks and critical applications to avoid business interruptions. Link11 is a BSI-qualified provider of DDoS protection for critical infrastructure. With PCI DSS and ISO 27001 certifications, the company meets the highest standards in data security.

Contact

Lisa Froehlich
Link11 GmbH
l.froehlich@link11.com

AI Security, Attack Mitigation, Critical Infrastructure, Cyber Attacks, cybersecurity, DDos, Digital Resilience, Layer 7, Network Security, press, threat intelligence