Radware released its 2026 Global Threat Analysis Report, reporting a dramatic escalation in cyberattack activity across network and application layers during 2025.

Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today released its 2026 Global Threat Analysis Report, revealing a dramatic escalation in cyberattack activity across both network and application layers throughout 2025. The new report, based on comprehensive analysis of data from Radware's cloud and managed security services and threat intelligence research teams, highlights the increasing sophistication, speed and scale of threats facing organizations worldwide.

In the 2026 report:

DDoS Attack Volume Skyrockets

Network-layer DDoS attacks, targeting layer 3 and 4 of the OSI model, increased 168.2% year over year, with peak attack volumes reaching almost 30 Tbps, signaling a resurgence of brute-force volumetric attacks.

Attack Volume: In the second half of 2025, the average Radware customer experienced more than 25,351 network-layer DDoS attacks, an average of 139 attacks per day, driving the sharp year-over-year increase.

Industry Targets: Technology, telecommunications and financial services were the most targeted sectors, together accounting for the majority of large-scale network DDoS campaigns. The technology sector alone represented 45% of all network-layer DDoS attacks, up sharply from 8.77% in 2024.

Geographic Targets: North America accounted for 63.1% of all network-layer DDoS attacks globally, followed by the Middle East (16.1%) and Europe (13.7%).

 

Web DDoS Activity Surges

Web DDoS attacks, targeting layer 7 of the OSI model, climbed 101.4% compared to 2024, reflecting a dramatic rise in application-layer disruption campaigns. Most high-impact Web DDoS attacks now last less than 60 seconds, making manual mitigation and human-in-the-loop defenses increasingly ineffective.

Attack Volume: 94.4% of Web DDoS attacks measured under 100,000 requests per second, highlighting a shift toward smaller, more frequent and persistent attacks designed to evade traditional detection thresholds.

Industry Targets: Online services, financial services and retail organizations experienced the highest volumes of Web DDoS activity, reflecting attackers' focus on revenue-generating digital platforms and customer-facing services.

Geographic Targets: EMEA remained the most targeted region, accounting for 57% of all Web DDoS attacks globally, while APAC experienced the fastest growth, with Web DDoS attacks in the region surging 485% year over year.

 

Application and API Attacks Accelerate

Malicious web application and API transactions rose 128% year over year, confirming the application layer as the primary battleground for modern cyberattacks.

Attack Volume: Vulnerability exploitation accounted for 41.8% of observed application-layer attacks, rising to nearly 58% in Q4 2025, as attackers shifted away from commoditized techniques toward vulnerability exploitation, business logic and API abuse.

Industry Targets: Technology-driven organizations with extensive API ecosystems — including SaaS providers, cloud platforms and fintech firms — faced the highest levels of application-layer exploitation.

Geographic Targets: North America and EMEA together accounted for the majority of malicious application and API traffic, reflecting dense concentrations of exposed digital services.

 

AI-Powered and Automated Threats on the Rise

Bad bot activity increased 91.8%, fueled by generative AI tools that have lowered the barrier to entry for attackers and enabled large-scale credential stuffing, scraping and account takeover campaigns.

Attack Volume: In just the first six months of 2025, bad bot activity reached 89.2% of the total volume observed across all of 2024, underscoring the explosive growth of automated threats.

Geographic Targets: North America accounted for 40.7% of malicious bot transactions, followed by APAC (25%), EMEA (19.1%) and Central and Latin America (15.2%).

Hacktivism: A Persistent Threat

Beyond the technical evolution of attacks, a primary driver of DDoS activity remains geopolitical and ideological conflict. In 2025, hacktivist targeting remained sustained and evolved into a persistent, high-volume threat.

Regional Concentration: Europe bore the brunt, accounting for 48.4% of all claimed attacks, significantly outpacing the Middle East (17.7%) and Asia (17.5%).

Nation and Industry Targets: The highest volumes of claimed attacks were directed at Israel (12.2%), the United States (9.4%), and Ukraine (8.9%) with government services the primary target at 38.8% of all claimed attacks.

Most Active Threat Actor: The group NoName057 (16) set yet another historical record by claiming 4,693 attacks, solidifying its position as the most active hacktivist entity in history.

 

"The threat landscape continues to evolve with unprecedented speed and complexity," said Pascal Geenans, vice president of threat intelligence at Radware. "Our 2026 Global Threat Analysis Report underscores how attackers are leveraging automation, AI and multi-vector strategies to disrupt operations at scale. Organizations must adopt resilient, automated defenses capable of responding in seconds — not minutes — to stay ahead in this environment."

http://www.datamonitor.com
Republication or redistribution, including by framing or similar means,
is expressly prohibited without prior written consent. Datamonitor shall 
not be liable for errors or delays in the content, or for any actions 
taken in reliance thereon
COMTEX_477065889/2227/2026-04-11T14:06:09