Is Downtime the Goal? Q2 Report Shows Service Disruption Spiked Across Hosting Layers

A new Q2 2025 report by Qrator Labs found that application-layer (L7) attacks jumped 74% compared to the same period last year. Network and transport-later (L3 and L4, respectively) DDoS incidents also grew 43%, with some directly hitting hosting platforms.

At the same time, bad bot traffic only surged by 31%. The report noted that these bots are typically driven by hostile intent, which suggests that attackers are more focused on causing downtime than on malicious attacks.

More specifically, the top market segments targeted by L3, L4, and L7 attacks include:

• Fintech
  • L3-L4: 22.6%
  • L7: 43.6%
• eCommerce
  • L3-L4: 20.6%
  • L7: 22.6%
• Information & Communications Technology
  • L3-L4: 16.1%
  • L6: 18.2%

But while these attempts are getting more frequent, they’re also getting shorter. The longest L3-L4 attack lasted just 96.5 hours compared to the 2024 record of 463.9 hours (19 days).

While shorter bursts of attacks further suggest that attackers are prioritizing downtime, their motivation could be entirely different.

The big question is: Why the sudden spike?

For starters, there’s easy money in DDoS attacks. When a site goes down, sometimes a ransom is requested.

It’s also cheaper to hire someone to knock services offline rather than infiltrate an entire system, suggested Pascal Geenens, the Director of Threat Intelligence of Radware.

But Geenens also said it’s not always about the financial return. Instead, it may be a chance to show off.

“What we see from a lot of those providers of underground services is they need advertisement. They need to show that their product is good,” Geenens explained. “If you attack the pharmacy around the corner, nobody will be interested. But if you bring down a company like X, or Tesla, or SpaceX, you go after the big names.”

Teemu Ylhäisi, the CISO of OP Financial Group, described DDoS attacks as “demonstrations in the digital world.” In other words, they’re not intended to cause major harm, like data theft, but instead to send a message, whether ideological, financially motivated, or otherwise.

A Cloudflare report found that 63% of surveyed companies that experienced DDoS attacks pointed to their competitors as the culprits, though this was typically more common in the gaming, gambling, and crypto industries.

For example, one massive L3-L4 attack targeted a betting site, which coincided with a major NHL victory.

Or it could be a slew of botnets, randomly targeting sites and networks just to test how good they really are. This just means some sites are the unlucky winner of the day.

Botnets are scaling exponentially fast, though: Qrator reported yet another massive fallout, this time from a botnet that infected 4.6 million devices — 20 times the total number seen in all of 2024.

Botnets are also relentless and disguise themselves as legitimate web traffic, for example, via fake user requests. CMS sites, such as WordPress — which houses more than 40% of the internet — or API-heavy platforms — which have several endpoints — are especially vulnerable.

Research shows that providers are leveraging evolving defense techniques, including layered mitigation strategies, rate-limiting, and behavioral or anomaly detection with AI.

But ResearchGate found that certain techniques are more effective in identifying DDoS attacks than others, and unsurprisingly, AI is the most effective when it comes to accuracy and scalability.

Signature and anomaly methods are static by nature, so they rely on fixed rules and only adjust when someone updates them manually. Today’s attacks are so much smarter than that, and even harder to spot.

Hosts that still rely on firewalls that block only known IPs or limit requests per second are falling behind, and it’s long overdue to employ intelligent tools like AI-based behavioral analytics or AI-based detection that do more than a daily roundup.

It’s the classic case of fighting fire with fire: Cyberattackers are leveraging AI to relentlessly target infrastructure, so it only makes sense to fight back with the same tech.