Designed to inform enterprise security leaders and service providers as DDoS protection shifts from capacity-driven defense to operational accountability and local-first resilience

SINGAPORE, May 18, 2026 -- Nexusguard today released its 2025 DDoS Threat Analysis and Industry Perspectives report, examining how DDoS attacks are evolving, why traditional defenses are increasingly under strain, and what enterprise security leaders and service providers should consider as they prepare for 2026. The report argues that defending against DDoS is no longer about surviving the largest attacks - it is about preserving service quality, reducing hidden complexity, and ensuring operational accountability.

Key Insights for Enterprises and Service Providers

For enterprise CISOs, the report reframes DDoS as a question of business continuity, compliance, and customer trust. Modern attacks rarely take services fully offline. Instead, they degrade performance - dropped gaming sessions, failed mobile payments, delayed flights - and expose organizations to data sovereignty and regulatory risk when traffic is backhauled across borders. The report supports a shift from capacity-based metrics to user-centric, accountability-driven resilience.

For telcos, ISPs, SIs, and MSSPs, the report offers perspectives on service architecture, regional resilience, and the evolving DDoS protection market - supporting providers that are already offering DDoS protection as well as those evaluating entry into this market.

The 2025 Threat Landscape at a Glance

  • 97.3% year-over-year increase in total attacks
  • 1.40 Tbps peak volumetric attack bandwidth
  • 603% surge in stealthy IP fragmentation attacks
  • 177 IP prefixes hit simultaneously in the year's worst carpet-bombing event

Findings from the 2025 Report

  • Scale is routine, complexity is the real threat. Application-layer attacks reached 1.04 million HTTP/2 requests per second as attackers blend tactics across layers to evade standard filters.
  • Carpet-bombing is back. The most severe event of the year hit 177 /24 prefixes simultaneously, up from 41 the year before.
  • User impact is decoupled from peak size. Even mid-size attacks can break applications when traffic is forced through inefficient cross-border scrubbing, with disruption increasingly driven by mitigation side-effects and routing constraints rather than raw bandwidth.

Strategic Priorities for 2026

The report introduces a perspective Nexusguard calls "local-first resilience" - an approach that emphasizes regional scrubbing, jurisdiction-aware failover, and accountability metrics aligned to real user impact. It outlines three priorities for security and service leaders:

  • Shift from capacity to accountability metrics, including time to detection, latency, and post-incident root-cause clarity
  • Design local-first resilience, with regional scrubbing capacity and failover procedures that keep critical traffic within jurisdictional boundaries
  • Prepare for multi-vector stealth campaigns by combining on-premises filtering with cloud defenses to detect distributed, low-rate floods across multiple prefixes

Commenting on the report's findings, Juniman Kasman, CTO of Nexusguard, said: "Modern DDoS attacks are becoming more operationally disruptive, with attackers increasingly using tactics such as rapid-fire and carpet-bombing, and multi-vector floods to create instability rather than outright outages. The conversation now needs to move beyond peak attack sizes and toward operational accountability, regional resilience, and protecting real user experience."

A Companion Resource for Service Providers

To further support telcos, ISPs, SIs, and MSSPs, Nexusguard is also making available a complimentary licensed copy of the MarketsandMarkets™ DDoS Protection & Mitigation Security Market – Global Forecast to 2030 report. Together, the two reports offer a combined view of the threat landscape and the broader market context to help service providers consider their next stage of strategy and growth.

Download the Nexusguard 2025 DDoS Threat Analysis and Industry Perspectives report: https://www.nexusguard.com/threat-report/2025-ddos-threat-analysis-and-industry-perspectives

Download the complimentary licensed copy of the MarketsandMarkets™ DDoS Protection & Mitigation Security Market – Global Forecast to 2030 report.

https://www.nexusguard.com/ddos-protection-market-forecast-to-2030

About Nexusguard

Established in 2008 and headquartered in Singapore, Nexusguard is a global leader in DDoS protection. Using proprietary Bastions technology and a global network of over 50 scrubbing centers, we provide comprehensive protection for networks, web applications, and DNS against malicious attacks. Trusted by 100+ CSPs, including top global providers, and protecting 50,000+ ASNs, we deliver scalable solutions ensuring service availability, operational continuity, and peace of mind. Nexusguard also enables CSPs to offer DDoS-protection-as-a-service, unlocking new revenue opportunities. Visit www.nexusguard.com for more information.

Media Contact

Benjamin Yip

Head of Marketing

Media@nexusguard.com