Cloudflare has published its Q1 2025 DDoS report, revealing that the company successfully mitigated an astounding 20.5 million DDoS attacks during the first quarter of the year. This marks a staggering 358% increase compared to the same period last year, highlighting the growing intensity and frequency of such cyber threats.
A significant portion of these attacks, approximately 6.6 million, were targeted directly at Cloudflare’s network infrastructure. This surge coincided with a prolonged 18-day campaign that employed multi-vector strategies to strike not only Cloudflare but also various hosting and service providers. The report notes that the type of attacks executed included SYN floods and Mirai botnet mobilizations.
In a testament to the severity of these attacks, researchers reported more than 700 hyper-volumetric assaults that exceeded 1 terabit per second. These attacks averaged eight occurrences each day, primarily consisting of UDP-based floods. Remarkably, some of the most fierce attacks were mitigated in late April, reaching peak magnitudes of 6.5 Tbps and 4.8 billion packets per second, with durations lasting less than a minute.
The short-lived nature of these attacks is becoming increasingly common, with about 89% of network-layer attacks and 75% of HTTP attacks concluding within just 10 minutes. In a concerning trend, most victims reported they were unaware of the perpetrators behind the attacks. Alarmingly, among those who did identify potential attackers, 39% suspected competitors, while 17% attributed the attacks to state-sponsored actors. The report highlights the rapid evolution of DDoS methods and emphasizes that manual mitigation strategies are no longer viable against the speed of recent attacks.
In terms of target locations, Germany has emerged as the most attacked country, followed closely by Turkey, which witnessed a significant jump in attack numbers. China has fallen to third place. The Gambling and Casinos industry has replaced Telecommunications as the most targeted sector during this quarter. Moreover, the origin of DDoS traffic has shifted, with Hong Kong now at the forefront, followed by Indonesia and Argentina. This pattern continues to indicate a reliance on compromised infrastructure hosted by major cloud service providers.