Distributed Denial of Service (DDoS) attacks remain one of the most frequent and sophisticated threats in the cybersecurity world. According to the Global DDoS Landscape , there has been a significant increase in both the frequency and complexity of attacks since last year.
The material compiles information obtained from an in-depth study of the cybersecurity market, based on global traffic trends and the company's customer base, and highlighted three key points:
Growth of ultra-short and massive attacks
So-called burst attacks , which last less than 5 minutes, grew by 36.5%. Despite their brevity, they generated extremely high traffic spikes, making detection difficult and requiring automated responses in real time.
Multiplication of attack vectors
Multi attacks , which combine different types of techniques – such as UDP and TCP flooding and application layer (Layer 7) attacks – accounted for more than 55% of cases. This shows a clear intention to overload different points in the network and application infrastructure simultaneously.
Increase in attacks against applications and APIs.
The application layer and application programming interfaces (APIs) have become prime targets. This is due to their criticality in digital services and the difficulty in distinguishing legitimate from malicious traffic at this level. In many cases, advanced bots mimic human behavior to circumvent traditional mitigation mechanisms.
Currently, the biggest challenge for cybersecurity teams is adapting outdated models that no longer work. According to Raphael Tedesco, business director at NSFOCUS, most organizations still rely on point solutions, such as traditional firewalls or load balancers, which are ineffective against distributed, multi-vector, and application layer attacks. "Furthermore, the exclusive reliance on on-premises solutions limits the ability to respond to large-scale attacks," he emphasizes.
Another critical point is the false sense of security. Companies that have not suffered recent incidents tend to underestimate the sophistication of attackers and the speed at which new criminal tools are made available as a service, such as in the DDoS-as-a-Service model.
Given this scenario, it is essential that companies adopt a proactive, distributed, and intelligent to DDoS defense. Some recommendations include:
- Hybrid mitigation (cloud + on-premises): Cloud-based protection services combined with local applications allow for scaling the response according to the type and volume of the attack.
- Intelligent traffic inspection: Solutions using behavioral analysis and AI help identify anomalous patterns and distinguish bots from legitimate users.
- Specific protection for applications and APIs: Web application firewalls (WAFs), API gateways, and L7 protection services should be integrated into the defense plan.
- Regular simulations and tests: Controlled stress tests are essential to assess the effectiveness of existing defenses and prepare the incident response team.
- Continuous monitoring and automated response: Real-time visibility and automated decision-making are essential to contain short, intense attacks.
DDoS attacks have ceased to be merely a destabilizing tactic and have become a strategic weapon – used by hacktivist groups, financial criminals, and in coordinated cyber warfare campaigns. "Therefore, companies that do not evolve their defenses will remain vulnerable to attacks that, even lasting only a few minutes, can generate immense financial and reputational damage," concludes Tedesco.
