As the world roils in turmoil on numerous fronts, bad actors are seizing the moment by stepping up DDoS activity. 

“DDoS attacks are surging due to geopolitical tensions, hacktivism and the rise of DDoS-as-a-service platforms,” says J Stephen Kowski, field CTO at SlashNext. “Motivations range from financial extortion to political statements, with attackers exploiting the low-cost, high-impact nature of these attacks.” 

Kowski’s comments come after Qrator.Radar reported a 110% uptick in DDoS attacks in Q1 2025, compared to the same quarter last year. 

The report found that in absolute terms, the multivector attacks rose 20%, but they represented a smaller share (11.1%) of L3-L4 DDoS attacks. UDP flood attacks accounted for 56.5% of all cases, but researchers didn’t observe even one ICMP flood attack in the first quarter. Not surprisingly, L3-L4 DDoS attacks were aimed at the IT and Telecom, Fintech and E-commerce sectors. The “Betting shops” microsegment logged the L3-L4 attack with the greatest intensity. But the peak bitrate was 232 Gbps — an 80% dip from the 1,140 Gbps noted last year, a record. 

Intensity did pick up overall, with the median bitrate for the most common UDP flood attacks increasing by 190% and packet rate ticking up 75%. The largest DDoS botnet in Q1 2025 completely swamped the biggest attack in the same period in 2024 — 1.33 million devices versus 227,000. “We attribute this rapid growth in botnet size to the increasing number of outdated and vulnerable devices in developing countries,” Qrator.Radar researchers say. 

Looking at the new numbers, progress clearly has been made against BGP attacks — Qrator.Radar observed only three route leaks in Q1 compared to 12 in 2024. Hijacks for the same periods stayed steady at a single incident each — most likely because organizations continue to adopt the RPKI ROA security mechanism in large numbers. Even though the number of attacks has trended down, BGP route leaks in particular remain a threat, and a thorny one at that. 

Lack of Built-In Security

At the heart of the problem is the lack of built-in security features in the “protocol’s foundational yet outdated design,” says Soroko, making it that much harder to secure BGP vulnerabilities. “Threats like BGP hijacking and route leaks can lead to traffic misdirection and potentially large-scale outages,” he says. “Traffic misdirection can potentially affect domain control validation, which is fundamentally important to publicly trusted TLS certificates.”  

Without inherent authentication mechanisms, Saeed Abbasi, manager, vulnerability research, at Qualys, explains, “the protocol’s foundation on trust opens avenues for route hijackings and leaks.” A blend of technical complexity with the need for global coordination creates a multidimensional challenge for defenders. 

RPKI offers an opportunity to address those inherent issues by introducing cryptographic verification of route origins, which enhances security, but Abbasi notes that, to be fully effective, adoption must be widespread. Soroko, who agrees with that assessment, contends that such widespread adoption across multiple network operators can be difficult to achieve. “And, while alternatives like BGPsec offer additional security layers, they too depend on extensive collaboration,” he says. 
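To make concrete what "cryptographic verification of route origins" buys a network operator, and what it does not, the following is an added worked example (not code from the article, from Qrator.Radar, or from any RPKI project). It implements the Route Origin Validation decision of RFC 6811: each BGP announcement is compared against the set of Route Origin Authorizations (ROAs) that cover its prefix and classified as valid, invalid, or not-found. The ROAs, prefixes, and AS numbers are constructed samples drawn from the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 2001:db8::/32, AS64496-AS64511). The last sample announcement is a route leak whose origin is legitimate; it passes origin validation, which is exactly why the article's experts say leaks remain a threat even as RPKI adoption grows.

```python
"""RFC 6811 Route Origin Validation (ROV) against a constructed ROA set.

Added example: the ROAs and announcements below are constructed from
documentation prefixes and ASNs; nothing here is real routing data.
"""
import ipaddress
from dataclasses import dataclass
from enum import Enum


class RovState(Enum):
    VALID = "valid"          # a covering ROA authorizes this origin at this length
    INVALID = "invalid"      # covering ROAs exist, but none authorizes the announcement
    NOT_FOUND = "not-found"  # no ROA covers the prefix at all


@dataclass(frozen=True)
class Roa:
    prefix: str      # prefix the holder has signed an authorization for
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorized origin AS (0 means "nobody may originate")


# Constructed ROA set, as a validator would receive it from RPKI repositories.
SAMPLE_ROAS = [
    Roa("192.0.2.0/24", 24, 64496),      # exact /24 only
    Roa("198.51.100.0/24", 26, 64497),   # /24 through /26 allowed
    Roa("2001:db8::/32", 48, 64498),     # IPv6, /32 through /48 allowed
    Roa("203.0.113.0/24", 24, 0),        # AS0 ROA: prefix must never be originated
]


def covering_roas(route_prefix, roas):
    """Return every ROA whose prefix contains route_prefix (same address family)."""
    net = ipaddress.ip_network(route_prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        if roa_net.version != net.version:
            continue  # subnet_of() raises on mixed families, so skip explicitly
        if net.subnet_of(roa_net):
            covering.append(roa)
    return covering


def validate_origin(route_prefix, origin_asn, roas):
    """RFC 6811 section 2 decision for one (prefix, origin AS) pair."""
    net = ipaddress.ip_network(route_prefix, strict=False)
    covering = covering_roas(route_prefix, roas)
    if not covering:
        return RovState.NOT_FOUND
    for roa in covering:
        # Origin must match AND the announced length must not exceed maxLength.
        # An AS0 ROA (asn == 0) can never match a real origin, so it only rejects.
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return RovState.VALID
    return RovState.INVALID


def evaluate_announcement(route_prefix, as_path, roas):
    """Classify a BGP UPDATE by its origin AS (the last AS in the AS_PATH).

    ROV looks only at the origin. A route leak that preserves the legitimate
    origin but traverses an unauthorized intermediate AS is still VALID here;
    catching that needs path-level controls (BGPsec, ASPA, prefix filtering).
    """
    origin_asn = as_path[-1]
    return validate_origin(route_prefix, origin_asn, roas)


# Constructed announcements: (prefix, AS_PATH) as seen by a validating router.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),         # legitimate origin, exact length
    ("192.0.2.0/25", [64500, 64496]),         # more-specific than maxLength allows
    ("192.0.2.0/24", [64500, 64499]),         # wrong origin AS
    ("198.51.100.128/26", [64500, 64497]),    # within maxLength
    ("203.0.113.0/24", [64500, 64496]),       # AS0 ROA rejects any origin
    ("198.18.0.0/15", [64500, 64496]),        # no ROA covers this prefix
    ("192.0.2.0/24", [64500, 64501, 64496]),  # leak via AS64501, legitimate origin
]


if __name__ == "__main__":
    for prefix, path in SAMPLE_ANNOUNCEMENTS:
        state = evaluate_announcement(prefix, path, SAMPLE_ROAS)
        print(f"{prefix:<20} path={path} -> {state.value}")
```

A validating router typically drops or heavily deprefers INVALID routes and accepts VALID and NOT_FOUND ones, so the protection only exists for prefixes whose holders have published ROAs; that is the "adoption must be widespread" point above. The final sample shows the limit of origin validation alone: the leaked path is accepted because its origin is correct.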

The broader challenge then is “in the technical implementation of such security measures and in achieving a consensual standard across a vast, diverse network of autonomous systems,” says Abbasi. “Therefore, BGP security is less about unilateral technical fixes and more about fostering an international regime of cooperative security practices that adapt dynamically to evolving threats.” 
