DigiCert RADAR reveals surge in DDoS attacks

29 Oct 2025

DigiCert has published its inaugural RADAR Threat Intelligence Brief, a quarterly report offering detailed insights into new cyber dangers. Sourced from vast data garnered through DigiCert's global security services—UltraDNS, UltraDDoS Protect, and UltraWAF—RADAR delivers a comprehensive snapshot of the shifting threat ecosystem.

The Q3 2025 report sheds light on a sharp increase in distributed denial-of-service (DDoS) attacks, described as reaching "internet tsunami" levels. Notable incidents peaked at 2.4 terabits per second (Tbps) and 3.7 Tbps, marking a substantial transformation in cyber conflict dynamics where the internet itself assumes a dual role as both the offensive tool and battleground.

Key insights from the Q3 2025 RADAR report

Record-Breaking DDoS Attacks: DigiCert's UltraDDoS Protect network successfully mitigated several multi-terabit attacks, the largest recorded so far, saving customers about 3,000 hours of potential website downtime.
Geopolitical Shifts and Cyber Risks: A significant portion of attack traffic is traced back to regions where digital infrastructure expands faster than regulatory measures, notably Vietnam, Russia, Colombia, and China, which are among the top five sources.
Higher Education Under Siege: Universities and academic networks experienced heightened DDoS activity in September, surpassing sectors like financial services and IT/Software services. This corresponds with peak enrolment times and relatively open network infrastructures.
The Rise of Automated Threats: Malicious web activity surged from 51% in July to 73% in September, with September alone witnessing 32 million bot violations, indicating that automation is increasingly driving large-scale cyber assaults.
DNS Errors Highlight Internet Vulnerabilities: A notable 22,000% rise in DNS misconfigurations underscores the widespread impact potential of even minor technical issues across the digital landscape.

Precision and scale in cyberattacks

Smith highlighted the necessity for organisations to maintain broad visibility across their infrastructure

Michael Smith, AppSec CTO at DigiCert, remarked, “Attackers are not just choosing between precision and scale anymore, they’re mastering both.” He noted that targeted precision attacks were prevalent in two of the three months, while in August, large-scale "carpet-bombing" campaigns comprised 65% of all incidents.

Emphasising the growing complexity of threats, Smith highlighted the necessity for organisations to maintain broad visibility across their infrastructure, applications, and identity to ensure resilience.

Focus on critical regions

Smith further noted, "The United States bore the brunt of these attacks, accounting for 58% of global DDoS activity, followed closely by the United Kingdom (11%) and Saudi Arabia (11%)."

He explained that adversaries are targeting critical infrastructure and geopolitically sensitive areas, where disruptions can provoke significant cascading effects.

Show full press release

DigiCert, a pioneering provider of digital trust, released its first RADAR Threat Intelligence Brief, a quarterly publication delivering data-driven insights on emerging cyber threats.

Drawing from trillions of network events across DigiCert’s global security platform, including UltraDNS, UltraDDoS Protect, and UltraWAF, RADAR provides one of the most comprehensive views of the evolving threat landscape.

Fundamental shift in cyber warfare

The Q3 2025 RADAR brief highlights an unprecedented surge in distributed denial-of-service (DDoS) attacks that reached “internet tsunami” scale, with two events peaking at 2.4 terabits per second (Tbps) and 3.7 Tbps, respectively.

These attacks underscore a fundamental shift in cyber warfare where the internet itself becomes both the weapon and the battlefield.

Top findings from the Q3 2025 DigiCert RADAR

DDoS Attacks Reach Record Scale: DigiCert’s UltraDDoS Protect network absorbed multiple multi-terabit attacks—the largest seen to date—while preventing an estimated 3,000 hours of potential website downtime for customers.
Geopolitical Realignment Fuels Cyber Risk: Attack traffic increasingly originates from regions where digital infrastructure is outpacing regulation, with Vietnam, Russia, Colombia, and China ranking among the top five sources.
Higher Education Targeted: September saw a significant rise in DDoS attacks on universities and academic networks, ranking higher than financial services and IT/Software services, timed with peak enrolment periods and open campus infrastructures.
Automation Drives Modern Threats: Malicious web activity rose from 51% in July to 73% in September, with 32 million bot violations recorded in September alone, confirming that automation now powers most large-scale attacks.
FormErr Spike Highlights DNS Interdependence: DNS errors caused by misconfigurations jumped 22,000% mid-quarter, reflecting how quickly issues can ripple across the internet.

Targeted precision attacks

“Attackers are not just choosing between precision and scale anymore, they’re mastering both,” said Michael Smith, AppSec CTO at DigiCert.

“Our data shows that targeted precision attacks dominated two of the three months, while large-scale carpet-bombing campaigns surged in August, accounting for 65% of all incidents. As threats grow more complex, organisations need visibility that spans infrastructure, applications and identity to stay resilient.”

Critical infrastructure and geopolitically significant regions

Smith added, “We also saw that the United States bore the brunt of these attacks, accounting for 58% of global DDoS activity, with the United Kingdom (11%) and Saudi Arabia (11%) also heavily targeted."

"Adversaries are focusing their firepower on critical infrastructure and geopolitically significant regions, those where disruption has the greatest ripple effect.”

Download PDF version Download PDF version

Add as a preferred source on Google