Cloudflare, Inc., the security, performance, and reliability company, has released its Q1 2025 DDoS report. The report highlights trends and insights from one of the world’s largest global networks. The findings point to a sharp rise in DDoS attacks across industries and regions.
In just the first quarter of 2025, Cloudflare mitigated 20.5 million DDoS attacks. This figure nearly matches the total for all of 2024, which stood at 21.3 million. In other words, in just three months the company’s autonomous systems blocked the equivalent of 96% of the previous year’s total volume.
Network-layer attacks surged the most. Cloudflare mitigated 16.8 million such attacks in Q1 2025. That’s a 397% increase quarter-over-quarter and a 509% increase year-over-year. HTTP DDoS attacks rose by 7% QoQ and 118% YoY.
Hyper-volumetric attacks have become more frequent. Cloudflare blocked over 700 attacks exceeding 1 Tbps or 1 billion packets per second (Bpps). On average, it faced eight of these per day. Most were UDP-based and classified as network-layer DDoS.
Key observations:
Most attacks were short. 89% of network-layer and 75% of HTTP DDoS attacks ended within 10 minutes. Some of the largest attacks lasted just a minute, leaving little time for human response.
Cloudflare identified Germany as the top target in Q1. The country jumped four spots to take first place. Turkey surged 11 positions to second. China dropped to third. Meanwhile, Hong Kong became the top source of DDoS attacks, followed by Indonesia and Argentina.
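New attack vectors also gained traction. CLDAP reflection attacks saw a 3,488% QoQ increase. CLDAP (Connectionless LDAP) is a variant of LDAP that runs over UDP instead of TCP. Because UDP has no handshake to verify the sender, the source IP address can be spoofed, and the protocol is being abused for reflection and amplification. ESP reflection attacks rose by 2,301% QoQ. ESP (Encapsulating Security Payload), part of the IPsec protocol suite, can be abused in the same way when the reflecting systems are misconfigured.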
Industries affected the most in Q1 include:
The top five source countries for DDoS attacks were:
Bashar Bashaireh, AVP Middle East, Türkiye & North Africa at Cloudflare, stated, “Many organizations still adopt DDoS protection only after an incident or rely on outdated solutions. Our data shows that proactive, always-on strategies are more effective. That’s why we focus on automation and in-line protection, powered by our 348 Tbps global network.”
Cloudflare’s findings underline a shift in the cyber threat landscape. The scale, speed, and volume of DDoS attacks continue to increase. Businesses are urged to adopt real-time, automated protection to remain resilient.