Cyprus-based digital businesses face rising exposure to DDoS attacks, according to a new cybersecurity report by Qrator Labs.
The report highlighted the fact that fintech, e-commerce, IT and media emerged as the most targeted sectors globally during 2025,
The annual analysis shows that nearly three quarters of all DDoS attacks in 2025 were concentrated in four digitally dependent industries.
FinTech accounted for 26.6 per cent of attacks, followed by e-commerce at 21.3 per cent, information and communication technology at 13.4 per cent, and media at 11.6 per cent.
Together, these sectors represented almost 75 per cent of all recorded DDoS incidents mitigated by Qrator Labs during the year.
The findings are based on telemetry collected by the company’s traffic filtering infrastructure during real-world DDoS attacks handled throughout 2025.
The report has particular relevance for Cyprus, which hosts a growing ecosystem of fintech companies developing electronic payments, digital currencies, tokens, cryptocurrencies and related technologies.
“Criminal groups are actively studying how these new and not yet fully tested payment methods can be exploited for illicit purposes, including money laundering, payment obfuscation, theft, extortion, and fraud,” CTO Andrey Leskin told the Cyprus Mail.
“They also often use DDoS attacks as a means of blackmail in exchange for stopping the attack,” he added.
He said malicious actors increasingly combine DDoS attacks with fraud schemes designed to mislead customers.
“Attackers can send a phishing email to customers of a fintech company that includes a link to a fake website presented as the company’s official site,” said Leskin.
“At the same time, they launch a DDoS attack against the real company website, making it temporarily unavailable,” he added.
“As a result, users are unable to verify the link, assume the official site is simply down or that an old link no longer works, and end up entering their personal and financial data on the phishing site,” Leskin explained.
The report also documented the emergence of the largest DDoS botnet ever recorded, highlighting the scale of the threat.
Over the course of 2025, the botnet expanded from 1.33 million to 5.76 million infected devices.
The concentration of compromised hosts grew most rapidly in Brazil, Vietnam, the United States, India and Argentina.
Qrator Labs said this illustrates how large-scale attack infrastructure can form rapidly across multiple regions, increasing global systemic risk.
Beyond DDoS attacks, the report highlighted a sharp rise in other forms of automated abuse.
Bad bot activity increased by 30 per cent year on year, with e-commerce remaining the most targeted sector.
E-commerce accounted for 41.1 per cent of all recorded bad bot activity during 2025.
On a more positive note, the number of BGP incidents declined significantly, indicating gradual improvements in routing security practices.
Leskin said the evolving threat landscape creates a new operational dilemma for businesses.
“And this is where the dilemma begins,” said Leskin.
“If we restrict access for malicious bots using tools like CAPTCHAs, we also end up blocking legitimate bots that collect information for AI-powered browsers and search tools,” he added.
“As a result, we receive complaints from users who want to continue using these services but cannot access the content because of these restrictions,” Leskin said.
“This is why the key challenge of 2026 will be not simply distinguishing bots from humans, but separating malicious automated activity from legitimate robotic traffic,” he added.
The report also raised concerns specific to Cyprus’ digital resilience.
Leskin said the island’s external internet connectivity remains limited and potentially vulnerable to underwater cable disruptions.
He warned that large-scale DDoS attacks or bot activity targeting individual companies could trigger partial or even complete connectivity disruptions for other businesses operating in Cyprus.
This means companies need to organise DDoS protection both locally and through mitigation points in other countries, he said.
He also said some level of support from local internet service providers is required to further develop connectivity with Greece, Israel, Egypt and other neighbouring countries with terrestrial broadband access.
Qrator Labs is a Czech cybersecurity firm with a presence in Limassol.