State of DDoS 2026: Annual Threat Report + Mid-Year Update | Flowtriq

Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →

1-Second Detection<br>Know the instant traffic spikes. PPS checked every second.

Attack Classification<br>Identifies 8 attack types with protocol-level confidence scores.

Node Firewall Rules<br>Per-server iptables, null-routes, CDN rules & scripts.

Cloud Scrubbing<br>Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.

BGP Mitigation<br>Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.

Multi-Channel Alerts<br>Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.

PCAP Capture<br>Full packet capture with AI-powered forensic analysis.

Layer 7 Detection<br>HTTP flood, credential stuffing, API abuse & bot detection.

Automated Runbooks<br>Chain mitigation steps into automated incident response playbooks.

Analytics<br>Baselines<br>Threat Intel & IOC<br>Multi-Node<br>Status Pages<br>Correlation<br>Audit Log<br>Attack Profiles<br>Flow Collection<br>Mirror / SPAN Mode NEW

Learn

Documentation<br>Quick Start<br>API Reference<br>Agent Setup<br>DDoS Protection Landscape<br>State of DDoS 2026 REPORT<br>Free Certifications

Research & Guides

Mirai Botnet Kill Switch Research<br>memcached Amplification<br>Dynamic Baselines<br>PCAP Forensics<br>PagerDuty Setup

Company

About Us<br>Partners<br>Managed Protection<br>Whitelabel / Reseller<br>Affiliate Program<br>Pay with Crypto<br>System Status

Legal & Support

Contact Us<br>Security<br>Trust Center<br>Terms<br>Privacy<br>SLA

Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases &rarr;<br>Talk to Us &rarr;

Infrastructure

Hosting Providers<br>ISPs<br>MSPs/MSSPs<br>Small Operators<br>Routers<br>Edge Node Defense<br>Proxy Providers<br>VPN Providers

Gaming & Entertainment

Game Server Hosting<br>Game Studios<br>Esports Platforms<br>iGaming & Sportsbooks

Business & Emerging

SaaS Platforms<br>E-Commerce<br>Financial Services<br>Compliance<br>VoIP & Cloud Calling<br>GPU & AI Cloud

Home<br>Features<br>&rsaquo; Detection<br>&rsaquo; Classification<br>&rsaquo; Firewall Rules<br>&rsaquo; Attack Profiles<br>&rsaquo; Flow Collection<br>&rsaquo; Mirror / SPAN Mode NEW<br>&rsaquo; Cloud Scrubbing<br>&rsaquo; BGP Mitigation<br>&rsaquo; IOC Matching<br>&rsaquo; Alerts<br>&rsaquo; PCAP Capture<br>&rsaquo; Layer 7 Detection<br>&rsaquo; Status Pages<br>&rsaquo; Analytics<br>&rsaquo; Baselines<br>&rsaquo; Threat Intel<br>Use Cases<br>&rsaquo; All Use Cases<br>&rsaquo; Hosting Providers<br>&rsaquo; ISPs<br>&rsaquo; MSPs<br>&rsaquo; Small Operators<br>&rsaquo; Routers<br>&rsaquo; Edge Node Defense<br>&rsaquo; Proxy Providers<br>&rsaquo; VPN Providers<br>&rsaquo; Game Server Hosting<br>&rsaquo; Game Studios<br>&rsaquo; Esports Platforms<br>&rsaquo; iGaming & Sportsbooks<br>&rsaquo; SaaS Platforms<br>&rsaquo; E-Commerce<br>&rsaquo; Financial Services<br>&rsaquo; Compliance<br>&rsaquo; VoIP & Cloud Calling<br>&rsaquo; GPU & AI Cloud<br>Pricing<br>&rsaquo; Managed Protection<br>University<br>Resources<br>&rsaquo; About<br>&rsaquo; Documentation<br>Whitelabel / Reseller<br>Certifications<br>Trust Center<br>Pay with Crypto<br>State of DDoS 2026<br>Blog<br>Contact

Sign In<br>Start Free Trial

Annual Report

State of DDoS 2026

Attack trends, vector analysis, and mitigation data from Flowtriq's detection network, combined with public intelligence from Cloudflare, Radware, Netscout, and ENISA.

Published March 15, 2026<br>Updated June 1, 2026<br>Platform data: 2025 + H1 2026<br>18 min read

121%

&uarr; YoY

More attacks<br>than 2024

31.4 Tbps

&uarr; record

Largest recorded<br>attack (Cloudflare)

62%

&uarr; 9pts

UDP-based<br>attack volume

14 min

&darr; from 23 min

Median attack<br>duration

Table of Contents

01 Executive Summary<br>02 Methodology<br>03 Attack Volume & Frequency<br>04 Attack Vectors<br>05 Attack Size & Duration<br>06 Target Industries<br>07 Botnets & Infrastructure<br>08 Notable Attacks of 2025<br>09 Mitigation Trends<br>10 2026 Predictions<br>11 H1 2026: Mid-Year Update

01Executive Summary

2025 was the most active year for DDoS attacks ever recorded. Every major reporting source (Cloudflare, Radware, Netscout, and Flowtriq's own detection network) reported record-breaking numbers across volume, frequency, and peak bandwidth.

Attack frequency more than doubled year-over-year. Cloudflare alone mitigated 47.1 million DDoS attacks in 2025, a 121% increase over 2024.[1] Across Flowtriq-monitored infrastructure, the average node experienced 4.2 incidents per month in 2025, up from 2.4 in 2024. This increase was not driven by a few heavily-targeted outliers: 81% of all monitored nodes saw at least one attack during the year, compared to 64% in 2024.

Attacks are getting shorter but more intense. The median attack duration dropped from 23 minutes to 14 minutes, while median peak PPS rose 41%. Attackers are favoring short, high-intensity bursts designed to overwhelm before defenses can react, making sub-second detection critical.

UDP-based volumetric floods remain dominant, accounting for 62% of all attack traffic observed by Flowtriq. But the composition shifted: DNS amplification surpassed...