Experts named the industries most susceptible to DDoS attacks

In the first quarter of 2025, for the first time, the service sector took the third place in terms of the number of DDoS attacks, overtaking the financial sector and the fuel and energy sector. In just three months, more than 27.9 thousand attacks on service companies were recorded. This was reported to Izvestia on April 9 by RED Security.

According to their data, in 2024, the service sector steadily rose in the ranking, with a quarterly increase in the number of attacks of about 35%. However, the dynamics accelerated dramatically in early 2025.: Malicious activity increased by 80% compared to the previous quarter.

The entertainment segment turned out to be the most vulnerable: cinemas, amusement parks and music services accounted for almost 75% of all attacks. Hackers were least likely to attack travel companies (3.7%) and real estate rental services (9%).

From a black approach: hackers have quadrupled their attacks on Russia

The public sector, postal services and cargo and passenger transportation were among the most affected industries.

According to Andrey Dugin, head of the cybersecurity Services center at RED Security, the growing interest of intruders in the resources of service organizations is explained by several factors. Firstly, in the era of digital reality, this is one of the most sought-after areas of online activity by the population, and therefore, the interruption of such resources will always be noticeable. Secondly, in terms of mass attacks, which include DDoS, hackers are switching to less protected business segments.

"Nevertheless, organizations in the financial sector, IT and telecom industries, industrial enterprises, fuel and energy complex and a number of other industries have been experiencing the burden of intense cyber attacks for many years and are actively implementing protection against basic threats, so attackers are looking for opportunities in new directions," said Dugin.

Geographically, metropolitan companies were most often attacked. Among the regions, the Volga, Ural and Southern Federal Districts became the leaders in the number of incidents.

Earlier, on April 1, Curator.CDN product manager Georgy Tarasov told Izvestia about a new scheme of attacks on applications. According to him, a bot attack with an unusual execution scenario occurred on the application of one of the major Russian airlines. More than 2.5 thousand individual bots requested flight searches and ticket prices for popular destinations using both home IP addresses and proxies from Russia, the United States, Singapore, Germany and Canada. The intensity of bot requests was quite low — within 60 per second from the entire botnet.