Distributed denial-of-service (DDoS) attacks are nothing new. But recent data suggests we’ve entered a new phase – one where attacks are becoming larger, faster, more disruptive, and harder to defend against using traditional methods. And the UK is increasingly finding itself in the crosshairs.
The UK jumped from 42nd to sixth most-attacked country in the world during the third quarter of 2025. The increase reflects a broader trend: DDoS activity is intensifying globally.
The data paints a stark picture. In the third quarter of 2025 alone, we mitigated 8.3 million DDoS attacks across our network, equating to almost 3,800 attacks every hour.
The growth is striking. Attack volumes rose 15% quarter-on-quarter and 40% year-on-year, and the pace is only accelerating. For UK organizations, the message is clear: the odds of being targeted by a powerful DDoS attack are increasing.
The Rise of Hyper-Volumetric Attacks
One of the most significant developments in the latest threat data is the emergence of a massive botnet known as Aisuru, which has dramatically increased the scale of attacks being launched across the internet.
Aisuru is believed to consist of between one and four million infected devices worldwide, creating an enormous pool of traffic that can be directed at targets. Using this infrastructure, attackers have been launching hyper-volumetric DDoS attacks that measure in the terabits and billions of packets per second.
These attacks are becoming increasingly common. In Q3 2025, the number of hyper-volumetric attacks rose 54% quarter-on-quarter, averaging 14 attacks per day. At their peak, attacks reached 29.7 terabits and 14.1 billion packets per second, breaking previous records and demonstrating just how powerful modern botnets have become.
What makes attacks at this scale particularly concerning is the potential for collateral damage. In some cases, the sheer volume of malicious traffic has disrupted internet service providers simply because the traffic passed through their networks. If traffic levels like this can disrupt infrastructure indirectly, the impact could be far greater when attacks are directed at critical services.
Faster Attacks, Less Time to React
Another major shift in the DDoS landscape is speed. Most attacks today are relatively short-lived. According to our analysis, 71% of HTTP-layer attacks and 89% of network-layer attacks end in under ten minutes. That might sound positive, but in practice it makes attacks harder to defend against.
Short bursts of traffic can overwhelm systems before defenders have time to respond. Traditional mitigation approaches, such as manually activating scrubbing services, often cannot react quickly enough.
Even when the attack itself lasts only minutes, the operational fallout can continue much longer. Engineering teams may spend hours restoring services, validating system integrity, and ensuring data consistency across distributed systems. The disruption caused by a DDoS attack can therefore extend well beyond the attack window itself.
Geopolitics and Activism are Shaping Attack Patterns
The Q3 2025 threat data also highlights a growing link between geopolitical events and DDoS activity. For example, attacks against the Mining, Minerals and Metals sector increased significantly as tensions rose between the European Union and China over rare-earth mineral exports and electric vehicle tariffs.
The Automotive sector experienced an even sharper rise, jumping 62 places in global industry rankings to become one of the most targeted sectors. Meanwhile, several countries experienced spikes in DDoS attacks alongside political protests or social unrest.
France, Belgium and the Maldives all saw significant increases in attacks during periods of political tension or large-scale demonstrations. These incidents suggest that DDoS is increasingly being used as a tool for digital protest, political messaging and disruption.
AI Services Become a New Target
Another emerging trend is the growing focus on AI platforms. In September 2025, Cloudflare recorded spikes of up to 347% in HTTP DDoS traffic targeting generative AI companies. The surge coincided with heightened debate about the economic and regulatory implications of AI technologies. In the UK, public discussion about AI’s impact on jobs and regulation also intensified during the same period.
As AI services become more widely adopted across industries, they are quickly becoming attractive targets for attackers looking to cause disruption or attract attention. For organizations’ developing or relying on AI-driven platforms, resilience is rapidly becoming a core security requirement.
Why Legacy Defenses are Struggling
Taken together, these trends highlight a clear shift in the DDoS threat landscape. Attacks are growing larger, faster and more automated, while their duration is shrinking. This combination leaves defenders with far less time to respond.
Many traditional mitigation approaches were designed for a different era, one where attacks were slower to ramp up and easier to detect. Today’s environment increasingly requires always-on, automated defense systems capable of detecting and mitigating attacks in seconds rather than minutes.
For UK organizations, the recent jump in attack rankings should act as a wake-up call. The UK is home to major financial institutions, media organizations, technology companies and critical infrastructure which are all attractive targets for disruption.
As botnets grow larger and attackers become more opportunistic, organizations can no longer treat DDoS resilience as a secondary concern. Instead, it must be treated as a core component of digital resilience strategy. Because in today’s threat landscape, the question is no longer whether a DDoS attack will happen, but how prepared organizations are when it does.