DDoS (Distributed Denial of Service) attacks remain one of the most recurrent and sophisticated threats in the cybersecurity landscape. According to the Global DDoS Landscape report by NSFOCUS, both the frequency and the complexity of attacks have increased significantly since last year.
The report compiles information from an in-depth study of the cybersecurity market, based on global traffic trends and the company’s customer base, and highlights three key points:
Growth of ultra-short and massive attacks
The so-called lightning attacks (burst attacks), lasting less than 5 minutes, grew by 36.5%. Despite being brief, they generated extremely high traffic peaks, making detection difficult and requiring real-time automated responses.
Multiplication of attack vectors
Multi-vector attacks, which combine different types of techniques—such as UDP floods, TCP floods, and application-layer (Layer 7) attacks—accounted for over 55% of cases. This shows a clear intent to overload different points of network and application infrastructure simultaneously.
Growth of attacks against applications and APIs
The application layer and programming interfaces (APIs) have become preferred targets. This is due to their criticality in digital services and the difficulty in distinguishing legitimate from malicious traffic at this level. In many cases, advanced bots simulate human behavior to bypass traditional mitigation mechanisms.
Currently, the major challenge for cybersecurity teams is adapting outdated models that no longer work. According to Raphael Tedesco, NSFOCUS’s business director, most organizations still rely on point solutions, such as traditional firewalls or load balancers, which are ineffective against distributed, multi-vector, and application-layer attacks. ‘Moreover, exclusive reliance on on-premises solutions limits response capabilities against large-scale attacks,’ he emphasizes.
Another critical point is the false sense of security. Companies that haven’t suffered recent incidents tend to underestimate attackers’ sophistication and the speed at which new criminal tools are made available as a service, such as in the DDoS-as-a-Service model.
Given this scenario, it is essential for companies to adopt a proactive, distributed, and intelligent approach to DDoS defense. Some recommendations include:
- Hybrid mitigation (cloud + on-premises): Combining cloud protection services with on-premises applications allows the response to scale according to the type and volume of the attack.
- Intelligent traffic inspection: Solutions with behavioral analysis and AI help identify anomalous patterns and distinguish bots from legitimate users.
- Specific protection for applications and APIs: Web application firewalls (WAFs), API gateways, and Layer 7 protection services should be integrated into the defense plan.
- Regular simulations and testing: Controlled resilience tests are critical to evaluate the effectiveness of existing defenses and prepare the incident response team.
- Continuous monitoring and automated response: Real-time visibility and automated decision-making are essential to contain short and intense attacks.
DDoS attacks have evolved from mere destabilization tactics into strategic weapons—used by hacktivist groups, financial criminals, and in coordinated cyber warfare campaigns. ‘Thus, companies that fail to evolve their defenses will remain vulnerable to attacks that, even if lasting only minutes, can cause immense financial and reputational damage,’ concludes Tedesco.