Executive summary
- The largest number of DDoS attacks in Q3 2025 targeted the FinTech (26.1%), E-commerce (22.0%), Media (15.8%), and Information and communication technology (14.5%) segments. Together, these four accounted for nearly 80% of all recorded attacks.
- Among microsegments, the most frequently targeted in Q3 were Media, TV, radio, and bloggers (14.1%); Payment systems (13.9%); Food retail (13.0%); Digital education (7.2%); and Hosting platforms (6.6%).
- The most intensive L3-L4 DDoS attack of Q3 targeted an organization in the Online retail microsegment, reaching a peak bitrate of 1.15 Tbps — slightly higher than the 2024 record of 1.14 Tbps.
- The longest DDoS attack in Q3 lasted more than nine days (225.9 hours). For comparison, the 2024 record was 19 days (463.9 hours).
- In Q3, we recorded another attack launched by a multi-million-device DDoS botnet that we have been tracking for the past six months. This time, the attack involved 5.76 million infected devices, primarily from Brazil, Vietnam, the United States, India, and Argentina.
- In Q3, Brazil became the largest source of L7 DDoS attacks (19%), surpassing Russia (18.4%) and the United States (10.3%).
- We attribute the emergence of such large-scale DDoS botnets and the growing share of developing countries among L7 DDoS sources to the rapid increase in the number of vulnerable devices connected to high-speed Internet and the active use of AI-powered tools by attackers.
- After a sharp increase in bad bot activity in Q2 2025 — mainly driven by a single, exceptionally long-lasting attack — the figures dropped significantly quarter over quarter in Q3 (-37%).
- At the same time, the bot index declined noticeably: the share of bot traffic in the total traffic to protected resources decreased from 2.34% to 1.36%.
- In Q3 2025, the number of unique ASes responsible for route leaks remained almost unchanged compared to previous periods. However, the number of ASes involved in BGP hijacks was lower than usual due to a noticeable decline in July.
- After a significant increase in Q2 2025, the number of global BGP incidents dropped sharply. In Q3, we recorded only five such incidents — four global route leaks and one global BGP hijack.