In the second quarter of 2025, Cloudflare reported a significant surge in hyper-volumetric Distributed Denial-of-Service (DDoS) attacks, with the most substantial assault peaking at an unprecedented 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps) within a mere 45 seconds. This attack targeted multiple IP addresses and ports of a hosting provider protected by Cloudflare’s Magic Transit service. The malicious traffic originated from 147 countries, with the highest volumes emanating from Brazil, Vietnam, Taiwan, China, Indonesia, and Ukraine. Despite the scale, Cloudflare’s network successfully mitigated the attack, ensuring uninterrupted service for the targeted provider.
Hyper-volumetric DDoS attacks, characterized by their massive scale exceeding 1 Tbps, have become increasingly prevalent. In Q2 2025, Cloudflare blocked over 6,500 such attacks, averaging 71 per day. This marks a significant increase from previous quarters, highlighting the escalating threat landscape. Notably, the number of attacks exceeding 100 million packets per second (pps) rose by 592% compared to the previous quarter.
The telecommunications sector bore the brunt of these attacks, followed by the Internet, IT services, gaming, and gambling industries. Geographically, China, Brazil, Germany, India, South Korea, Turkey, Hong Kong, Vietnam, Russia, and Azerbaijan were the most targeted locations. The top sources of DDoS attacks, by contrast, were Indonesia, Singapore, Hong Kong, Argentina, and Ukraine.
A concerning trend is the 68% increase in ransom DDoS attacks, where malicious actors threaten organizations with DDoS assaults unless a ransom is paid. These attacks often involve actual disruptions, followed by demands to prevent further incidents.
The rise of botnets like DemonBot, which infects Linux-based systems through open ports or weak credentials, has contributed to the surge in DDoS attacks. These botnets can generate significant volumetric traffic, often targeting gaming, hosting, or enterprise services. To mitigate such threats, organizations are advised to implement robust security measures, including antivirus software and domain filtering.
The evolving nature of DDoS attacks underscores the need for continuous vigilance and adaptive defense strategies. As attackers employ more sophisticated methods, leveraging automation and real-time threat intelligence becomes crucial in safeguarding digital infrastructure.