After 6 Tbps DDoS Attack, Gcore Also Warns Network- and App-Layer Attacks Surge

Last week, Gcore neutralized one of the world’s largest DDoS attacks on a game hosting provider, peaking at 6 terabits per second (Tbps) with a packet rate of 5.3 billion packets per second (Bpps).

The platform leveraged its global infrastructure network, using its 210 Points of Presence (PoPs) and 200-Tbps filtering capacity, to absorb the flood.

But Gcore’s Head of Security, Andrey Slastenov, warns that more industries within the hosting sector are in peril.

More attacks are rising across the entire hosting sector, with the eyes of bad actors glued to tech and financial services, specifically at the network (L3-L4) and application (L7) layers.

“While this event was a short-burst volumetric flood, across the industry we increasingly see campaigns used to probe resilience or coincide with other vectors,” Slastenov said. “Without robust, adaptive protection, organizations across tech, hosting, and enterprise sectors remain at risk.”

Though this large attack was on a gaming host, this specific sector’s share of total DDoS activity has actually decreased in the past year: Gcore’s Radar Attacks Trend report revealed that gaming accounted for 34% of all DDoS incidents in Q3-Q4 2024, but dropped to 19% in the first half of 2025.

The company theorizes that the shift may be due to the gaming industry’s long history as a top target: After years of being target practice, gaming hosts have simply become better at spotting and mitigating.

But the same can’t be said for everyone: Tech companies now account for 30% of all DDoS attacks.

Gcore attributes this surge partly to the explosive growth of unpatched IoT devices — everything from cameras and routers to industrial sensors — that attackers can easily hijack into massive botnets capable of flooding the network.

Slastenov told HostingAdvice: “[It’s] a serious issue that gets continuously worse because of the fast global growth of digitalization.”

The scale is there. Take a look at that 6-Tbps attack on the game hosting provider. Gcore found that 75% of its sources originated from Brazil and the U.S., noting that a “multi-regional origin . . . signal a concerning evolution of botnet capabilities.”

When you combine millions of unsecured IoT devices and a multiregional attack spread, it’s really no wonder that most attacks hit the L3-L4 and L7 layers. The network layer accounted for 62% of all DDoS incidents in Q1-Q2 2025 while 38% hit the application layer.

Slastenov said he recognizes that while Remote Triggered Black Hole (RTBH) technique is well-liked for its ability to redirect traffic into a “black hole,” he recommends layered defenses above all else.

“The actual solution for service availability is to use modern DDoS scrubbing centers with distributed, always-on protection capable of absorbing massive volumes and filtering attacks at L3/L4 and L7 layers,” he said. “This layered defense removes only the malicious traffic, ensuring legitimate user requests continue to reach the targeted resource even during a high-intensity burst.”

But that means that hosts have to make sure they have the capabilities to actually manage those attacks. In other words, you can’t fit a watermelon through a straw.

“We must not forget that in order to filter anything, this traffic must first be accepted and processed,” Slastenov said to HostingAdvice. “This means that, in addition to sophisticated AI protection, DDoS protection must have sufficient resources and bandwidth for protection.”