Botnets Explode to 13.5 Million Devices: Inside the 2Tbps DDoS Onslaught Reshaping Network Defenses

A botnet swelled to 13.5 million devices, fueling a 2Tbps DDoS assault lasting 40 minutes with 1Tbps spikes. Multi-vector attacks and blockchain C2s evade takedowns as records shatter across reports from Qrator, Netscout, Cloudflare, and Gcore.
Written by John Marshall

Hackers unleashed a DDoS attack peaking above 2Tbps on a betting firm last quarter. It lasted over 40 minutes. Eleven spikes hammered the target, four topping 1Tbps each. No such assault exceeded 1Tbps in early 2025. Now they do, routinely. TechRadar Pro detailed this in coverage of Qrator Labs’ Q1 2026 report, which tracks the surge.

The botnet behind such power? It ballooned from 1.33 million infected devices to 13.5 million in one year. That’s tenfold growth, faster than forecasts predicted. Devices span the US, Brazil, India. The UK just cracked the top five sources. Qrator Labs’ data shows malicious bot requests hitting 2.5 billion blocked per month on average. One e-commerce site endured over 178 million blocked requests across two weeks—the longest ‘bad bot’ barrage in the period. Qrator Labs Q1 2026 Report lays out these numbers starkly.

Multi-vector assaults complicate matters further. Their share climbed from 8% to 10.7% of incidents. Network-layer floods paired with application-layer hits nearly doubled. Attackers mix protocols, vectors, durations. Dismantling them? Tougher now. Take Aeternum C2, a botnet loader using Polygon’s blockchain for commands. Smart contracts and public endpoints eliminate single points of failure—no central domain to seize, no host to yank offline.

This isn’t isolated. Netscout’s 2H 2025 report logged over 8 million DDoS attacks across 203 countries. Peaks hit 30Tbps, driven by IoT botnets like Aisuru and TurboMirai variants. ‘Massive attack capacity: The period witnessed demonstration attacks up to 30 terabits per second and 4 gigapackets per second, primarily launched via Internet of Things (IoT) botnets,’ the report states. Compromised customer-premises gear spewed over 1Tbps outbound floods, risking broadband providers’ reputations and liabilities. Netscout 2H 2025 DDoS Threat Intelligence Report warns of coordinated surges, like 20,000 botnet-driven hits in July 2025 alone.

Cloudflare faced similar escalation. Their 2025 Q4 report cites a 31.4Tbps record from the Aisuru botnet—lasting 35 seconds. Hyper-volumetric strikes grew 700% year-over-year. Total attacks doubled in 2025. ‘The number of DDoS attacks more than doubled in 2025. The network layer is under particular threat as hyper-volumetric attacks grew 700%,’ Cloudflare notes. Botnets like Aisuru-Kimwolf hammered at 200 million requests per second. (Source: Cloudflare 2025 Q4 DDoS Threat Report.)

Gcore’s Radar report for Q3-Q4 2025 echoes the frenzy. Attacks jumped to 1.3 million in Q4 2025 from 512,000 the prior year—a 150% rise. Volumes reached 12Tbps, six times higher. Tech sectors drew 34% of hits, finance 20%, gaming 19%. ‘DDoS attack volumes and scale have reached new levels, with the sixfold increase from 2.2 Tbps to 12 Tbps,’ Gcore reports. Insecure IoT, easy attack tools, geopolitical tensions fuel it. (Source: Gcore Radar Report via PR Newswire.)

And the botnets keep evolving. Recent X posts highlight Mirai variants hitting end-of-life D-Link routers via CVE-2025-29635. Unpatched edge devices become ‘low-cost botnet fuel’ for DDoS. Nexcorium, another Mirai offshoot, turns vulnerable DVRs into soldiers. BleepingComputer covers the campaign. Akamai and FortiGuard Labs note parallel router and DVR exploits. (Source: Help Net Security.)

Defenses strain under this weight. Traditional blocks falter against geo-spread botnets. Country filtering? Useless when infections blanket nations. Blockchain C2s dodge takedowns. AI aids attackers now—dark web LLMs speed exploits, boost botnet growth. Netscout saw 219% more mentions of malicious AI tools. Human response windows shrink to seconds for Tbps blasts.

Providers adapt. Gcore thwarted a 6Tbps, 5.3Bpps UDP flood in 2025—30-45 seconds long, multi-regional. Cloudflare pushes autonomous edge mitigation. ‘Organizations must shift to automated, edge-based mitigation that can respond in seconds. Legacy scrubbing center models are no longer sufficient,’ their 2026 report urges. (Source: Cloudflare 2026 Threat Report.)

Betting and e-commerce felt Q1 2026’s brunt. But finance, tech, gaming top ongoing lists. Broadband firms face outbound risks from hijacked CPE. Critical infrastructure looms vulnerable—Netscout flags government, transport, finance hits.

Scale keeps climbing. Qrator’s 13.5 million-device monster signals more. Aisuru’s 31.4Tbps bar may fall soon. Attacks blend volumetric floods with app-layer precision, bot-driven persistence. Defenders need speed, scale, intelligence—or networks crumble.
