Just a few weeks ago, the social media platform X suffered a massive DDoS attack, resulting in intermittent outages. 

Although this was one of the first big DDoS attacks of 2025, it’s certainly not going to be the last.

What Is a DDoS Attack?

A distributed denial-of-service (DDoS) attack is a malicious attempt to overwhelm the target’s infrastructure with a flood of traffic. Companies like Google, GitHub, and Cloudflare have all been targets of DDoS attacks.

According to Statistica, in the fourth quarter of 2024, around 512,000 DDoS attacks were registered worldwide. That figure had already increased from 274,000 incidents in the first quarter of 2023, and is only expected to further increase in 2025.

And as websites go down, each attack can cost organizations an average of $6,000 per minute.

Why the Increase in DDoS Attacks? 

Several key factors are contributing to the dramatic increase and spikes in DDoS attacks: 

1. Rising geopolitical tensions. As a way to attack other nations and groups, DDoS attacks have been used to take down energy grids, transportation systems, and healthcare networks. 

2. Growth of IoT devices. The increase in new technologies, like IoT devices, has given more opportunities and attack surfaces for cybercriminals. Now, cybercriminals can exploit poorly secured IoT devices to fuel larger botnets, a network of computers infected by malware that are under the control of a single attacking party. 

3. Ransom attacks. To demand ransom payments, adversaries often attack and take down websites with DDoS attacks. Cloudflare estimates that 9-19% of DDoS attacks are financially motivated.

How to Protect Against DDoS Attacks? 

DDoS attacks show no signs of stopping. If anything, experts predict that both the frequency and sophistication of DDoS attacks will increase in the coming years. So what can you do to help protect against these attacks? 

1. Leverage AI/ML tools. Machine Learning (ML) can help identify attack patterns much faster than a human could and block malicious IP addresses before an attack brings your website down. 

2. Use various fingerprinting techniques. By identifying and blocking botnets early, most attacks can be mitigated.

3. Block IP addresses. Use rate limiting, whitelisting, and threat intelligence tools to block known attacker IPs. 

4. Implement a web application firewall (WAF). WAFs help block attacks using customizable policies to filter, inspect, and block malicious traffic. 

5. Monitor threats in real-time. Log monitoring can help pinpoint potential threats by analyzing traffic and any unusual activities. However, this requires a dedicated team to regularly monitor deployments. Alternatively, you can look for an external expert team so you can offload these tasks.

DDoS Protection in Action

DDoS attacks aren’t just a concern for large social media companies—every company, including yours, needs to be prepared. 

For example, a company in Brazil was targeted by a sophisticated botnet attack that occurred in multiple waves. This company received 360 million requests, and at the peak, they had 14.8 million requests coming in a minute. With ML, the company was able to identify a blocking rule in under two minutes after the first request came through.

Similarly, a critical infrastructure provider was attacked with more than two million requests per second, sending close to a billion requests in total. By blocking the fingerprints of the botnet, they were able to mitigate the attacks well before any damage could be done.  

In the past, a simple rate limit and fingerprint blocking may have been sufficient to prevent any attack. But that’s typically no longer the case. In 2025, we’re seeing attackers change tools, tactics, and botnets several times within a single attack, sometimes in less than 10 minutes. You have to be strategic with your cybersecurity strategy to defend against these increasingly sophisticated attacks.

Secure Your Solutions with Liferay

In the examples above, those companies were able to defend against DDoS attacks because their solutions were built with Liferay DXP. With a complete, flexible digital experience platform, these companies created the solutions they envisioned on an incredibly secure platform. 

For over two decades, Liferay has placed security, compliance, and data protection at the core of our product, offerings, and operations. Because of our expertise and emphasis on security, we’ve provided trusted solutions to industries where security is paramount, like finance, government, and healthcare.

Additionally, because of Liferay’s partnership with Google Cloud, our customers can take advantage of Google’s world-class secure infrastructure and technology with our Liferay’s deployments: Liferay PaaS or Liferay SaaS. This partnership helps improve web traffic coming from ISP networks, providing a sophisticated form of DDoS protection, CDN, load balancing, and WAF. 

With Liferay SaaS specifically, customers can offload data security and management to the Liferay team. Our SaaS offering provides features only available with SaaS, including: 

• AI-powered DDoS prevention and WAF to thwart cyber-terrorists.

• Threat intelligence rules deployed to block known adversaries.

• Monitoring incident management and security operations team available 24/7.

• Vulnerability monitoring and fixes to ensure attackers don’t get a foothold.

These features, including premium DDoS protection, are now also offered to Liferay PaaS customers through our Premium Security add-on subscription. 

Don't Wait to Secure Your Solutions 

You can’t afford to wait until the next DDoS attack hits. See how Liferay can help secure your digital solutions here.