In the first half of 2025, Cloudflare has observed a dramatic escalation in Distributed Denial of Service (DDoS) attacks, surpassing the total number recorded in the entirety of 2024. The company’s latest DDoS threat report for the second quarter of 2025 reveals that 27.8 million attacks were mitigated in the first six months of the year, compared to 21.3 million in all of 2024.
The first quarter of 2025 was particularly intense, with over 20 million attacks blocked. This period included an 18-day campaign targeting Cloudflare’s infrastructure and other critical systems. Although the number of attacks in the second quarter decreased compared to the first, it still represented a 44% increase over the same period in 2024.
A significant trend in 2025 has been the rise of hyper-volumetric attacks—those exceeding 1 terabit per second (Tbps), 1 billion packets per second (Bpps), or 1 million requests per second (Mrps). In the second quarter alone, Cloudflare blocked over 6,500 such attacks, averaging 71 per day. Notably, the company mitigated a record-breaking attack that peaked at 7.3 Tbps.
Geographically, China emerged as the most targeted country, followed by Brazil and Germany. Russia and Vietnam also entered the top ten list of targeted nations. The telecommunications sector faced the highest number of attacks, with internet companies and IT firms also being heavily targeted. Interestingly, the agriculture sector saw a significant increase in attacks, jumping from 38th place to 8th in the second quarter.
On the offensive side, Indonesia was identified as the leading source of DDoS attacks, followed by Singapore, Hong Kong, Argentina, and Ukraine. Over 70% of these attacks were orchestrated using known botnets, highlighting the persistent threat posed by compromised networks of devices.
The methods employed in these attacks have also evolved. There has been a notable increase in reflection/amplification techniques, such as Connectionless Lightweight Directory Access Protocol (CLDAP) and Encapsulating Security Payload (ESP) attacks. CLDAP attacks surged by 3,488% quarter-over-quarter, while ESP attacks increased by 2,301%. These methods exploit misconfigured systems to amplify attack traffic, making them particularly effective and challenging to mitigate. ([peq42.com](https://peq42.com/blog/ddos-increase-by-358-in-2025/?utm_source=openai))
Despite the alarming rise in attack volume and sophistication, Cloudflare’s automated defenses have successfully mitigated these threats. The company’s proactive approach emphasizes the importance of continuous monitoring and real-time mitigation strategies to protect against the ever-evolving landscape of DDoS attacks.
