Cloudflare, Inc., the security, performance, and reliability company, has announced its Q2 2025 DDoS report. The report revealed key insights and emerging trends across the global DDoS threat landscape.

According to Cloudflare, Q2 saw a surge in hyper-volumetric DDoS attacks. The company automatically blocked its largest attacks ever recorded peaking at 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps).

In total, Cloudflare mitigated 7.3 million DDoS attacks in Q2. This marked a drop from 20.5 million in Q1, which included a major 18-day attack campaign. Still, Q2 figures were 44% higher compared to the same period in 2024.

Cloudflare reported over 6,500 hyper-volumetric DDoS attacks this quarter, averaging 71 per day. These included:

• L3/4 DDoS attacks exceeding 1 Tbps or 1 Bpps
• HTTP DDoS attacks exceeding 1 million requests per second (Mrps)

While overall attack numbers declined, HTTP DDoS attacks increased 9% to 4.1 million. Layer 3/4 attacks, however, dropped 81% to 3.2 million.

The Telecommunications sector was the most targeted industry. Other affected sectors included Internet, IT & Services, Gaming, and Banking.

Top targeted countries by billing location were China, Brazil, Germany, India, and South Korea. Vietnam, Russia, and Azerbaijan also saw significant increases.

Cloudflare noted that 71% of respondents were unsure of the threat actor. Of the rest:

• 63% blamed competitors, especially in Gaming, Gambling, and Crypto
• 21% pointed to state-level actors
• 5% each cited self-DDoS, extortionists, or disgruntled users

Ransom DDoS attacks also rose. The number of affected Cloudflare customers jumped 68% from Q1 and 6% from Q2 2024.

Cloudflare revealed that botnets launched 71% of HTTP DDoS attacks. For L3/4, DNS floods remained the top vector, followed by SYN and UDP floods.

The report also highlighted emerging threats:

• Teeworlds flood attacks rose 385%
• RIPv1 floods increased 296%
• RDP floods climbed 173%
• Demon Bot and VxWorks floods also surged

Most DDoS attacks remained small. About 94% of L3/4 attacks were below 500 Mbps, and 85% stayed under 50,000 packets per second. However, hyper-volumetric attacks are rising. Six out of every 100 HTTP DDoS attacks exceeded 1 million requests per second.

Bashar Bashaireh, AVP Middle East, Türkiye & North Africa at Cloudflare, commented, “The Q2 data highlights how quickly the DDoS threat landscape is evolving. Attackers are launching faster, shorter, and more aggressive campaigns.”

Cloudflare emphasized the importance of always-on protection. The company remains focused on delivering unmetered, automated DDoS protection that scales with modern threats.

Related post

View all