DDoS Attacks - New Era of AI-Powered Cyberattacks Emerges

Akamai's report highlights the convergence of DDoS attacks, API abuse, and AI-driven tactics, signaling a new era of sophisticated cyber threats. Recent data from NETSCOUT emphasizes the growing capabilities of botnets and the accessibility of DDoS-for-hire services, raising alarms for enterprises.

Threat Intel · HIGH · 4 sources

Original Reporting

SecurityWeek · Kevin Townsend

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Cybercriminals are using smarter methods to launch attacks that can take down websites and services. They are now using AI to help them plan these attacks, making it easier for even inexperienced hackers to cause trouble. Companies need to strengthen their defenses to keep their systems safe.

The Threat

Akamai's recent findings reveal a concerning trend in cybersecurity: DDoS attacks, API abuse, and AI-driven tactics are merging into more coordinated and sophisticated cyberattacks. This convergence represents a significant evolution in how attackers operate, making it increasingly difficult for organizations to defend against these threats. Over the past year, Layer 7 DDoS attacks have surged by 104%, indicating a shift in focus from traditional network-level attacks to application-level disruptions that can evade detection.

Recent data from NETSCOUT corroborates this trend, noting that the second half of 2025 marked a pivotal shift in DDoS attacks, with attacks reaching up to 30 terabits per second. The integration of AI into these attacks has made sophisticated methods accessible to a broader range of threat actors, including those with limited technical skills. This evolution underscores the urgent need for organizations to adapt to a rapidly changing threat landscape.

The report highlights that these attacks are no longer isolated incidents. Instead, they are part of a larger strategy where attackers utilize multiple vectors simultaneously. For instance, a single attack may employ Layer 3, Layer 4, and Layer 7 tactics, complicating defense mechanisms. This multifaceted approach not only increases the effectiveness of attacks but also obscures their origins, making attribution challenging for security teams.

Who's Behind It

The rise in coordinated attacks is attributed to various threat actors, including criminal organizations and hacktivist groups. Notably, the Qilin group, a Russia-linked ransomware-as-a-service (RaaS) operation, has expanded its capabilities to include DDoS attacks. This evolution signifies a broader trend where established cybercriminals are integrating new attack methods into their arsenals, enhancing their operational effectiveness.

Moreover, the use of botnets, such as TurboMirai, has become prevalent. These botnets can execute attacks across multiple layers, making them particularly dangerous. NETSCOUT's findings reveal that IoT botnets like Aisuru and TurboMirai variants are responsible for the most significant attacks, capable of launching assaults up to 30Tbps and 4Gpps.

As organizations increasingly rely on APIs for their operations, these entry points become prime targets for exploitation. The growth of agentic AI in corporate environments further complicates matters, as it can be leveraged by attackers to amplify their efforts.

Tactics & Techniques

Attackers are employing various tactics to exploit vulnerabilities in APIs and web applications. Akamai reports that 87% of companies experienced an API-related security incident in 2025. Attackers often utilize unsanitized JSON in API requests to execute arbitrary commands, allowing them to compromise servers and incorporate them into DDoS-capable botnets.
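
The server-side handling that closes off the unsanitized-JSON path described above, as an added example that is not from Akamai's report or the original article. The diagnostics endpoint, its `host` and `count` fields, and the names `build_ping_argv` and `RejectedRequest` are hypothetical.

```python
import json
import re

# Hypothetical API contract (assumption, not from the report): a diagnostics
# endpoint that accepts {"host": <hostname>, "count": <1-5>}.
ALLOWED_KEYS = {"host", "count"}
MAX_BODY_BYTES = 1024
# Letters, digits, hyphens and dots only; every label starts and ends
# alphanumeric, so a value can never begin with "-" and be read as an option.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}\Z){LABEL}(?:\.{LABEL})*")


class RejectedRequest(ValueError):
    """Raised when a request body fails validation."""


def build_ping_argv(raw_body: bytes) -> list[str]:
    """Validate a JSON body; return argv for subprocess.run(argv, shell=False)."""
    if len(raw_body) > MAX_BODY_BYTES:
        raise RejectedRequest("body too large")
    try:
        body = json.loads(raw_body)
    except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
        raise RejectedRequest("malformed JSON") from exc
    if not isinstance(body, dict):
        raise RejectedRequest("body must be a JSON object")
    unknown = set(body) - ALLOWED_KEYS
    if unknown:
        raise RejectedRequest(f"unexpected keys: {sorted(unknown)}")
    host = body.get("host")
    count = body.get("count", 1)
    if not isinstance(host, str) or not HOSTNAME_RE.fullmatch(host):
        raise RejectedRequest("host is not a valid hostname")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(count, bool) or not isinstance(count, int) or not 1 <= count <= 5:
        raise RejectedRequest("count must be an integer from 1 to 5")
    # Each value becomes exactly one argument; no shell ever parses the string.
    return ["ping", "-c", str(count), host]
```

Rejected bodies should be logged with the client identity, since repeated validation failures on one endpoint are a useful probing signal.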

The rise of DDoS-for-hire services has also democratized access to sophisticated attack tools. These platforms are now integrating dark-web large language models (LLMs) and conversational AI, lowering the technical barrier for launching complex, multivector attacks. Even unskilled threat actors can orchestrate sophisticated campaigns using natural-language prompts, increasing risk for all industries.

This trend highlights the need for organizations to rethink their security strategies. As APIs become more integral to business operations, the complexity of managing these interfaces increases. Attackers are continuously probing for security gaps, and the rise of shadow AI—undocumented APIs in SaaS applications—adds another layer of risk. This shadow AI can lead to greater exploitation opportunities, making it crucial for companies to ensure robust API security measures are in place.

Defensive Measures

To combat these evolving threats, organizations must adopt a converged security approach. This involves integrating teams focused on API security, AI governance, and web application defense to create a unified front against cyber threats. As Brent Maynard from Akamai points out, the convergence of attack methods necessitates a similar response from defenders.

CISOs are urged to review their risk portfolios critically. Key questions to consider include: Is the API program robust? Are DDoS protections capable of handling the latest Layer 7 attacks? The answers to these questions will determine an organization's resilience against the increasingly sophisticated landscape of cyber threats. By prioritizing comprehensive security strategies, businesses can better protect themselves from the coordinated cyberattacks of the future. Additionally, organizations must remain vigilant against the persistent threat posed by well-coordinated botnet-driven attacks, which are evolving rapidly and demonstrating resilience even in the face of law enforcement interventions.

🔒 Pro Insight

As AI becomes more integrated into cyberattack strategies, organizations must enhance their defenses to counteract increasingly sophisticated threats. The rise of DDoS-for-hire services and the evolution of botnets necessitate a proactive approach to security.

📅 Story Timeline

Story broke by SecurityWeek

Covered by SC Media

Covered by Infosecurity Magazine

Covered by CSO Online
