2024 was a "normal" year in the DDoS domain, with the expected continuous evolution but no real disruptive changes. In this article, we highlight the key developments and provide a brief outlook for 2025.

As always, the full logbook and a link to all ressources and vendor reports can be found in our "State of DDoS/2024" report.

Key Takeaways from 2024

  • AI to the Rescue: All major vendors have deployed or are actively testing ML-based botnet mitigation solutions (adaptive defense).
  • API Attacks Are on the Rise: APIs are easier to attack and harder to defend, making them a prime target for sophisticated attackers.
  • Attackers Have Professionalized Further: Instead of relying on hacked IoT botnets, adversaries now leverage rented cloud resources and proxy farms. 50% of attacks are now orchestrated by these professional threat actors.
  • physical DDoS became a thing, esp. during the olympics and baltic cable incidents, so we started tracking them

Outlook for 2025

  • AI on the Attacker Side: The use of AI to bypass CAPTCHA protections will become more prevalent.
  • Geo-Block Mitigation Will Gain Traction: More organizations will adopt geolocation-based traffic filtering as a defensive strategy.
  • Worldwide Hacktivism Is Here to Stay: Political and ideological DDoS campaigns will continue to shape the global threat landscape.