DDoS Report reveals a 40+% YoY increase and largest attack ever recorded

0

Cloudflare’s latest Q2 DDoS Threat Report reveals a surge in hyper-volumetric attacks and a global shift in threat sources and targets, as attackers grow more audacious and sophisticated.

The second quarter of 2025 has seen a dramatic escalation in Distributed Denial of Service (DDoS) attacks, with Cloudflare detecting and automatically mitigating more than 6,500 hyper-volumetric attacks — a record-breaking average of 71 such attacks per day.

These findings are part of Cloudflare’s Q2 2025 DDoS Threat Report, which tracks and analyses cyberattack trends from across the globe.

Despite an overall drop in the number of DDoS attacks from Q1 – down from 20.5 million to 7.3 million – Q2’s figures are still 44% higher than the same period in 2024, underlining the long-term upward trend in attack intensity and sophistication.

Another finding of the report include:

A Shifting Threat Landscape 

  • Telecommunications, service providers, and carriers were the most targeted industries in Q2, followed by the internet and IT services sectors. These industries — essential to national infrastructure — remain under sustained pressure from cybercriminals seeking to disrupt critical digital ecosystems.
  • Notably, China, Brazil and Germany topped the list of locations where Cloudflare customers experienced the highest volume of attacks, while Indonesia emerged as the leading origin point for malicious traffic — a role traditionally held by more established threat centres.

The Role of Botnets and Emerging Vectors 

  • More than 70% of HTTP DDoS attacks in Q2 were launched by known botnets. Cloudflare’s real-time threat intelligence and global reach enable it to rapidly detect and neutralise these botnets, ensuring protection across its entire customer base.
  • Emerging attack methods are also complicating defences. The Teeworlds flood attack vector spiked by 385% quarter-over-quarter, while legacy protocols like RIPv1 and VxWorks have made a comeback. Attackers are increasingly turning to unconventional tools to bypass traditional defences.

Ransom DDoS and Attribution Challenges 

  • Ransom-motivated DDoS attacks rose by 68% compared to the previous quarter. However, identifying attackers remains a challenge. In Q2, 71% of victims were unable to determine who was behind the attack. Among those who could, many cited competitors or suspected state-sponsored actors — particularly within high-risk sectors like gaming, gambling and crypto.
  • With 2025 only halfway through, Cloudflare has already mitigated 27.8 million DDoS attacks — 130% of the total for all of 2024. The volume, scale and persistence of attacks suggest that cybercriminals are not slowing down. Instead, they are evolving — and fast.
Share.