DigiCert has released the first edition of its RADAR Threat Intelligence Brief, providing a detailed overview of emerging cyber threats in the third quarter of 2025.
This quarterly report utilizes data from DigiCert’s extensive global security platform, incorporating insights from UltraDNS, UltraDDoS Protect, and UltraWAF to present a comprehensive picture of the current threat landscape.
Rise of Distributed Denial-of-Service Attacks
The Q3 2025 RADAR brief highlights a dramatic increase in distributed denial-of-service (DDoS) attacks, reaching unprecedented levels.
Notably, two attacks in the period peaked at 2.4 terabits per second (Tbps) and 3.7 Tbps, respectively. These events illustrate a shift in cyber warfare dynamics, turning the internet into both weapon and battleground.
Major Findings from the Q3 2025 RADAR Brief
Attack traffic is increasingly emanating from places where digital infrastructure grows faster than regulatory measures
One of the key findings is the unprecedented scale of DDoS attacks. In particular, DigiCert's UltraDDoS Protect network managed to handle multiple multi-terabit attacks, averting an estimated 3,000 hours of website downtime for its clients.
It was also noted that geopolitical changes are amplifying cyber risks. Attack traffic is increasingly emanating from places where digital infrastructure grows faster than regulatory measures. Countries like Vietnam, Russia, Colombia, and China are among the top contributors of this traffic.
Another trend was the increased targeting of higher education institutions. September saw a spike in attacks against universities and other educational networks, surpassing the impact on financial services and IT/Software sectors. These attacks coincided with peak enrollment periods, exploiting the open nature of campus networks.
Impact of Automation on Cyber Threats
The report shows that automation is a significant force in modern cyber threats, with malicious web activity increasing sharply from July to September.
A total of 32 million bot violations were documented in September alone, indicating that automation is driving most large-scale attacks in the current environment.
Additionally, there was a dramatic increase in DNS errors, stemming from misconfigurations, which spiked by 22,000% mid-quarter. This reflects the intricate interdependence of DNS across the internet.
Insights into Attack Strategies
Smith explained that precision attacks were prominent in two of the quarter's three months
Michael Smith, AppSec CTO at DigiCert, remarked that attackers are now adept at both targeted precision attacks and large-scale campaigns.
Smith explained that precision attacks were prominent in two of the quarter's three months, while August experienced a surge in extensive “carpet-bombing” tactics, responsible for 65% of all events. Such complexity necessitates comprehensive visibility across infrastructure, applications, and identities to maintain resilience.
Focus on Critical Infrastructure
Smith also pointed out that the United States endured 58% of global DDoS attacks, while the United Kingdom and Saudi Arabia each faced 11% of these disruptions.
Adversaries are emphasizing assaults on critical infrastructure and strategic regions, where the effects of disruption are most profound, he added.
Find out about secure physical access control systems through layered cybersecurity practices.
