Cloudflare, Inc., the security, performance, and reliability company, announced its 2025 Q3 DDoS report. The report revealed trends and insights across the global Cloudflare network, one of the largest in the world.

The report highlighted that the Aisuru botnet unleashed hyper-volumetric attacks at unprecedented scale. With an estimated 1–4 million infected hosts, the botnet routinely launched attacks exceeding 1 terabit per second (Tbps) and 1 billion packets per second (Bpps). These attacks surged 54% quarter-over-quarter (QoQ).

Cloudflare reported that DDoS attack traffic against AI companies increased sharply. In September 2025, attacks against generative AI firms rose by 347% month-over-month (MoM). The rise coincides with growing public concern and regulatory scrutiny of AI.

The report also revealed that geopolitical events continue to influence cyber activity. Escalating EU-China trade tensions over rare earth minerals and EV tariffs were reflected in a significant increase in attacks against the Mining, Minerals & Metals industry and the Automotive industry.

Cloudflare reported that, so far in 2025, it has mitigated 36.2 million DDoS attacks. This represents 170% of all attacks mitigated in 2024. In Q3 alone, the company automatically detected and mitigated 8.3 million attacks, marking a 15% increase QoQ and a 40% increase year-over-year (YoY).

Network-layer DDoS attacks accounted for 71% of all attacks in Q3, totaling 5.9 million attacks. These attacks increased 87% QoQ and 95% YoY. HTTP DDoS attacks, which made up 29% of attacks, decreased 41% QoQ and 17% YoY.

The report revealed that while most DDoS attacks are small, attacks exceeding 100 million packets per second (Mpps) rose 189% QoQ. Attacks over 1 Tbps increased by 227% QoQ. On the HTTP layer, 4 out of every 100 attacks exceeded 1 million requests per second. Most attacks, 71% of HTTP and 89% of network-layer, lasted under 10 minutes.

Cloudflare reported that seven out of the ten top attack sources were in Asia. Indonesia remained the largest source of DDoS attacks, holding the top rank since 2024 Q3.

Industries targeted most included Information Technology & Services, Telecommunications, Gambling & Casinos, Gaming, Internet, Automotive, Banking and Financial Services, Retail, Consumer Electronics, and Media, Production & Publishing. DDoS attacks against Mining, Minerals & Metals rose sharply, moving the sector up 24 spots globally. The Automotive industry surged 62 spots, ranking sixth most attacked. The Cybersecurity industry increased by 17 spots to become the 13th most targeted.

Cloudflare revealed that network-layer attack vectors were led by UDP floods, which rose 231% QoQ, followed by DNS floods, SYN floods, and ICMP floods. Mirai botnet attacks remained common, accounting for nearly 2% of network-layer attacks.

For HTTP DDoS attacks, 70% originated from known botnets. Around 20% came from fake or headless browsers or suspicious HTTP attributes, while the remaining 10% included generic floods, cache-busting attacks, and login endpoint targeting.

The report also revealed regional trends. China remained the most attacked country, followed by Turkey and Germany. The United States jumped to fifth place, while the Philippines rose 20 spots within the top ten.

Bashar Bashaireh, Area VP Middle East, Türkiye & North Africa at Cloudflare, commented on the report. He said, “The Q3 2025 data clearly shows that DDoS activity is increasingly tied to geopolitical tension, critical infrastructure, and high-growth sectors such as AI and telecommunications. These findings remind organizations that legacy defenses are no longer sufficient against today’s botnet-driven attacks.”

Related post

View all