Corero's 2025 Threat Intelligence Report Reveals Strategic Shifts in DDoS Tactics and Rising Operational Strain for Defenders

Rhea-AI Summary

Corero Network Security (DDOSF) has released its 2025 Threat Intelligence Report, revealing significant changes in DDoS attack patterns during 2024. The report highlights that customers faced an average of 11 attacks per day, marking a 5% year-over-year increase. Key findings show attackers shifting away from mid-sized attacks (1-5Gbps), which declined from 19.4% in 2019 to 12.4% in 2024.

The report identifies emerging trends including increased attack frequency, adoption of chained vector campaigns that rotate protocols every 30-60 seconds, and operational challenges for defenders. According to Merrill Research's survey, over 50% of organizations struggle with cross-team coordination, while 68% face difficulties demonstrating DDoS protection ROI to leadership.

Positive

• Attack pattern insights provide valuable intelligence for improving defense strategies
• Company demonstrates market leadership in DDoS protection research and analysis
• Report findings can help drive product development and market positioning

Negative

• Increasing frequency of DDoS attacks (11 per day) may strain company resources
• Operational challenges in demonstrating ROI could affect sales cycles
• Growing complexity in attack patterns may require additional R&D investment

LONDON, May 7, 2025 /PRNewswire/ -- Today, Corero Network Security (AIM: CNS) (OTCQX: DDOSF), the distributed denial of service (DDoS) protection specialists, released its 2025 Threat Intelligence Report, offering new insight into how DDoS attacks evolved throughout 2024. Drawing on global telemetry and independent research from Merrill Research, the report highlights key changes in attacker strategy and mounting complexity for defenders.

Rather than relying solely on large, disruptive floods, attackers are increasingly favoring frequency, evasion, and coordinated execution. At the same time, defenders face growing difficulty keeping pace, hindered by fragmented responsibilities and limited visibility across hybrid environments.

"DDoS is no longer just a matter of stopping packets—it's about identifying patterns, coordinating teams, and mitigating before damage is done," said Ashley Stephenson, Chief Technology and Product Officer at Corero Network Security. "We see a growing gap between how attackers operate and how defenses are organized. Bridging that gap is essential."

Key Findings from the 2025 Report

• DDoS Frequency Reaches New Highs
  Corero customers experienced an average of 11 attacks per day in 2024—a 5% year-over-year increase and part of a broader multi-year trend. These frequent, low-volume events serve not just to disrupt, but to probe defenses, consume resources, and desensitize response teams.
• Mid-Sized Attacks Are Declining
  Attacks in the 1–5Gbps range, once common for their ability to evade detection while still causing harm, fell from 19.4% of all attacks in 2019 to just 12.4% in 2024. This ongoing reduction suggests a strategic shift, with attackers now opting for either stealthier sub-1Gbps probes or large-scale floods intended to overwhelm infrastructure.
• Attackers Adopt Chained, Adaptive Tactics
  Corero observed a growing pattern of multi-vector attacks, in which threat actors rotate between protocols every 30–60 seconds. These "chained vector" campaigns are designed to exploit detection delays and force constant reclassification by defenders—effectively keeping mitigation systems reactive rather than proactive.
• Operational Gaps Hamper Defense
  Findings from a survey conducted by Merrill Research and sponsored by Corero underscore the human and organizational challenges defenders face. Over 50% of respondents cited difficulty coordinating across teams, and 68% reported challenges demonstrating the ROI of DDoS protection to leadership. These challenges persist even in organizations with modern tooling.

"The data suggests DDoS background noise, in the form of smaller attacks, is increasingly a precursor to more dangerous DDoS incidents," Stephenson added. "Defenders can't treat these background attacks as exceptions. They are the new normal, and response needs to be integrated, automated, and cross-functional." 

The full 2025 Threat Intelligence Report is available now at http://www.corero.com/threat.

About Corero Network Security

Corero Network Security is a leading provider of DDoS protection solutions, specializing in automatic detection and protection solutions with network visibility, analytics, and reporting tools. Corero's technology protects against external and internal DDoS threats in complex edge and subscriber environments, ensuring internet service availability. With operational centers in Marlborough, Massachusetts, USA, and Edinburgh, UK, Corero is headquartered in London and listed on the London Stock Exchange's AIM market (ticker: CNS) and the US OTCQX Market (OTCQX: DDOSF).

View original content to download multimedia:https://www.prnewswire.com/news-releases/coreros-2025-threat-intelligence-report-reveals-strategic-shifts-in-ddos-tactics-and-rising-operational-strain-for-defenders-302447690.html

SOURCE Corero Network Security

FAQ

What are the key findings from Corero's (DDOSF) 2025 DDoS Threat Intelligence Report?

The report reveals customers faced 11 attacks per day (5% YoY increase), mid-sized attacks declined from 19.4% to 12.4%, and attackers are using chained vector campaigns. Additionally, 68% of organizations struggle to demonstrate DDoS protection ROI.

How has the frequency of DDoS attacks changed according to Corero's 2025 report?

According to the report, Corero customers experienced an average of 11 DDoS attacks per day in 2024, representing a 5% increase compared to the previous year.

What are the main challenges organizations face in DDoS defense according to Corero's research?

The research shows that over 50% of organizations struggle with cross-team coordination, and 68% face difficulties demonstrating the ROI of DDoS protection to leadership.

What is a chained vector DDoS attack according to Corero's 2025 report?

A chained vector attack is when threat actors rotate between protocols every 30-60 seconds, designed to exploit detection delays and force constant reclassification by defenders.

How have mid-sized DDoS attacks (1-5Gbps) changed from 2019 to 2024?

Mid-sized attacks between 1-5Gbps have declined significantly, falling from 19.4% of all attacks in 2019 to just 12.4% in 2024, indicating a strategic shift in attacker behavior.