Radware 2026 Global Threat Report Shows DDoS Attacks Jump 168% as Cyber Threats Escalate Across Networks and Applications

Primary driver of DDoS activity remains geopolitical and ideological conflict



AI-Driven Bot Attacks Accelerate Worldwide

MAHWAH, N.J., Feb. 19, 2026 (GLOBE NEWSWIRE) -- Radware® (NASDAQ:RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today released its 2026 Global Threat Analysis Report, revealing a dramatic escalation in cyberattack activity across both network and application layers throughout 2025. The new report, based on comprehensive analysis of data from Radware's cloud and managed security services and threat intelligence research teams, highlights the increasing sophistication, speed and scale of threats facing organizations worldwide.

In the 2026 report:

DDoS Attack Volume Skyrockets

Network-layer DDoS attacks, targeting layer 3 and 4 of the OSI model, increased 168.2% year over year, with peak attack volumes reaching almost 30 Tbps, signaling a resurgence of brute-force volumetric attacks.

• Attack Volume: In the second half of 2025, the average Radware customer experienced more than 25,351 network-layer DDoS attacks, an average of 139 attacks per day, driving the sharp year-over-year increase.
• Industry Targets: Technology, telecommunications and financial services were the most targeted sectors, together accounting for the majority of large-scale network DDoS campaigns. The technology sector alone represented 45% of all network-layer DDoS attacks, up sharply from 8.77% in 2024.
• Geographic Targets: North America accounted for 63.1% of all network-layer DDoS attacks globally, followed by the Middle East (16.1%) and Europe (13.7%).
  
  
  
  

Web DDoS Activity Surges

Web DDoS attacks, targeting layer 7 of the OSI model, climbed 101.4% compared to 2024, reflecting a dramatic rise in application-layer disruption campaigns. Most high-impact Web DDoS attacks now last less than 60 seconds, making manual mitigation and human-in-the-loop defenses increasingly ineffective.

• Attack Volume: 94.4% of Web DDoS attacks measured under 100,000 requests per second, highlighting a shift toward smaller, more frequent and persistent attacks designed to evade traditional detection thresholds.
• Industry Targets: Online services, financial services and retail organizations experienced the highest volumes of Web DDoS activity, reflecting attackers' focus on revenue-generating digital platforms and customer-facing services.
• Geographic Targets: EMEA remained the most targeted region, accounting for 57% of all Web DDoS attacks globally, while APAC experienced the fastest growth, with Web DDoS attacks in the region surging 485% year over year.
  
  
  
  

Application and API Attacks Accelerate

Malicious web application and API transactions rose 128% year over year, confirming the application layer as the primary battleground for modern cyberattacks.

• Attack Volume: Vulnerability exploitation accounted for 41.8% of observed application-layer attacks, rising to nearly 58% in Q4 2025, as attackers shifted away from commoditized techniques toward vulnerability exploitation, business logic and API abuse.
• Industry Targets: Technology-driven organizations with extensive API ecosystems — including SaaS providers, cloud platforms and fintech firms — faced the highest levels of application-layer exploitation.
• Geographic Targets: North America and EMEA together accounted for the majority of malicious application and API traffic, reflecting dense concentrations of exposed digital services.
  
  
  
  

AI-Powered and Automated Threats on the Rise

Bad bot activity increased 91.8%, fueled by generative AI tools that have lowered the barrier to entry for attackers and enabled large-scale credential stuffing, scraping and account takeover campaigns.

• Attack Volume: In just the first six months of 2025, bad bot activity reached 89.2% of the total volume observed across all of 2024, underscoring the explosive growth of automated threats.
• Geographic Targets: North America accounted for 40.7% of malicious bot transactions, followed by APAC (25%), EMEA (19.1%) and Central and Latin America (15.2%).

Hacktivism: A Persistent Threat

Beyond the technical evolution of attacks, a primary driver of DDoS activity remains geopolitical and ideological conflict. In 2025, hacktivist targeting remained sustained and evolved into a persistent, high-volume threat.

• Regional Concentration: Europe bore the brunt, accounting for 48.4% of all claimed attacks, significantly outpacing the Middle East (17.7%) and Asia (17.5%).
• Nation and Industry Targets: The highest volumes of claimed attacks were directed at Israel (12.2%), the United States (9.4%), and Ukraine (8.9%) with government services the primary target at 38.8% of all claimed attacks.
• Most Active Threat Actor: The group NoName057 (16) set yet another historical record by claiming 4,693 attacks, solidifying its position as the most active hacktivist entity in history.
  
  
  
  

"The threat landscape continues to evolve with unprecedented speed and complexity," said Pascal Geenans, vice president of threat intelligence at Radware. "Our 2026 Global Threat Analysis Report underscores how attackers are leveraging automation, AI and multi-vector strategies to disrupt operations at scale. Organizations must adopt resilient, automated defenses capable of responding in seconds — not minutes — to stay ahead in this environment."

Radware's complete 2026 Global Threat Analysis Report can be downloaded here.

Radware Webinar on 2026 Global Threat Analysis Report



Radware will host a webinar on March 19, 2026, 2026 Global Threat Analysis Report: Analysis of the Global Network and Application Attack Trends of 2025 where Pascal Geenans, vice president of threat intelligence at Radware will discuss the report.

Security leaders and researchers are invited to attend and explore the report and its data on cyberattack activity throughout 2026.

Radware conducts threat research on behalf of the wider cybersecurity community, ensuring security professionals have the same insights as attackers. The complete research, including technical breakdowns and defense recommendations, will be available at Radware's Security Research Center following the webinar.

About Radware

Radware® (NASDAQ:RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company's cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware's solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, and YouTube.

©2026 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

THIS PRESS RELEASE AND THE RADWARE 2026 GLOBAL THREAT ANALYSIS REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.



Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement

This press release includes "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware's plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as "believes," "expects," "anticipates," "intends," "estimates," "plans," and similar expressions or future or conditional verbs such as "will," "should," "would," "may," and "could." For example, when we say in this press release that organizations must adopt resilient, automated defenses capable of responding in seconds — not minutes — to stay ahead in this environment, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware's current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia's military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning ("ERP") system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware's Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware's public filings are available from the SEC's website at www.sec.gov or may be obtained on Radware's website at www.radware.com.

Media Contact:

Gina Sorice

Radware

[email protected]

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/f106491e-5b23-4938-88e3-01bd6f6813b7