DUBAI, UAE, 4th December, 2025: Cloudflare, Inc., the security, performance, and reliability
company helping to build a better Internet, has announced its 2025 Q3 DDoS report. This
report includes insights and trends about the DDoS threat landscape — as observed across
the global Cloudflare network, which is one of the largest in the world.
Key findings
• The Aisuru botnet unleashed hyper-volumetric attacks at unprecedented scale:
With an estimated 1–4 million infected hosts, the Aisuru botnet routinely launched
hyper-volumetric DDoS attacks exceeding 1 terabit per second (Tbps) and 1 billion
packets per second (Bpps) – with attacks surging 54% QoQ.
• AI companies capture the attention of attackers: DDoS attack traffic against AI
companies surged by as much as 347% MoM in September 2025, as public concern
and regulatory review of AI increases.
• Geopolitical events continue to reflect in the cyber world: Escalating EU-China
trade tensions over rare earth minerals and EV tariffs coincide with a significant
increase in DDoS attacks against the Mining, Minerals & Metals industry and the
Automotive industry.
DDoS attacks in numbers
• So far in 2025, and with an entire quarter to go until the end of the year, Cloudflare
has already mitigated 36.2 million DDoS attacks. That corresponds to 170% of the
DDoS attacks Cloudflare mitigated throughout 2024.
• In the third quarter of 2025, Cloudflare automatically detected and mitigated 8.3
million DDoS attacks, representing a 15% increase QoQ and 40% increase YoY.
• Network-layer DDoS attacks, accounting for 71% of the DDoS attacks in 2025 Q3, or
5.9 million DDoS attacks, increased by 87% QoQ and 95% YoY.
• HTTP DDoS attacks, accounting only for 29% of the DDoS attacks in 2025 Q3, or 2.4
million DDoS attacks, decreased by 41% QoQ and 17% YoY.
Attack characteristics
• While the majority of DDoS attacks are relatively small, in Q3, the amount of DDoS
attacks that exceeded 100 million packets per second (Mpps) increased by 189%
QoQ.
• Attacks exceeding 1 Tbps increased by 227% QoQ. On the HTTP layer, 4 out of
every 100 attacks exceeded 1 million requests per second.
• Most attacks, 71% of HTTP DDoS and 89% of network-layer, end in under 10
minutes. That’s too fast for any human or on-demand service to react. A short attack
may only last a few seconds, but the disruption it causes can be severe, and
recovery takes far longer.
Top attack sources
• Seven out of the ten top sources are locations within Asia
• Indonesia is the largest source of DDoS attacks, and it has been ranked number one
in the world for an entire year (since 2024 Q3).
Top attacked industries
• Top 10: In Q3 2025, Information Technology & Services topped the list as the most
attacked industry, followed by Telecommunications, Gambling & Casinos, Gaming,
Internet, Automotive, Banking and Financial Services, Retail, Consumer Electronics
and Media, Production & Publishing.
• DDoS attackers go after rare Earth minerals. DDoS attacks against the Mining,
Minerals & Metals industry significantly increased in the third quarter of 2025.
Overall, the Mining, Minerals & Metals industry surged 24 spots on the global
ranking, making it the 49th most attacked industry in the world.
• The Automotive industry saw the largest surge in DDoS attacks, leaping the industry
by 62 spots in just one quarter, placing it as the sixth most attacked industry in the
world.
• Cybersecurity companies also saw a significant increase in DDoS attacks. The
Cybersecurity industry hopped by 17 spots, making it the 13th most attacked industry
in the world.
DDoS attacks against AI surge by 347%
In September 2025, Cloudflare saw MoM spikes as high as 347% in HTTP DDoS attack
traffic against generative AI companies (based on a sample of leading generative AI
services).
Top attacked locations
• In the third quarter of 2025, China remained the most attacked, followed by Turkey in
second, and Germany in third place.
• The most notable changes within this quarter was an increase in DDoS attacks
against the United States, which leaped by 11 spots as the fifth most attacked
country.
• The Philippines saw the largest increase within the top 10 – it jumped by 20 spots.
Attack vectors
Network-layer DDoS attacks
• The amount of UDP DDoS attacks, partially fuelled by Aisuru attacks, increased by
231% QoQ making it the top attack vector at the network-layer.
• DNS floods came in second place, SYN floods in third, and ICMP floods in fourth —
accounting for just over half of all network-layer DDoS attacks.
• Although almost 10 years have passed since its first major debut, Mirai DDoS attacks
are still quite common. Almost 2 out of every 100 network-layer DDoS attacks are
launched by permutations of the Mirai botnet.
HTTP DDoS attacks
• Nearly 70% of HTTP DDoS attacks originated from botnets already known to
Cloudflare.
• Another ~20% of HTTP DDoS attacks originated from fake or headless browsers, or
included suspicious HTTP attributes.
• The remaining ~10% were a combination of generic floods, unusual requests, cache
busting attacks, and attacks that targeted login endpoints.
Commenting on the report, Bashar Bashaireh, Area VP Middle East, Türkiye & North Africa
at Cloudflare, says: ““What the Q3 2025 data clearly shows is that DDoS activity is
increasingly tied to geopolitical tension, critical infrastructure, and high-growth sectors such
as AI and telecommunications. Across the Middle East, where connectivity underpins
economic diversification and smart-nation initiatives, these findings are a timely reminder
that legacy defenses are no longer sufficient against today’s botnet-driven attacks.”
Note: Dive into the full report here.
-Ends-
Photo Caption: Bashar Bashaireh, AVP – Middle East, Türkiye & North Africa at
Cloudflare
About Cloudflare
Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better
Internet. Cloudflare’s suite of products protect and accelerate any Internet application online
without adding hardware, installing software, or changing a line of code. Internet properties
powered by Cloudflare have all web traffic routed through its intelligent global network, which
gets smarter with every request. As a result, they see significant improvement in performance
and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s
Top Company Cultures 2018 list and ranked among the World’s Most Innovative Companies
by Fast Company in 2019. Headquartered in San Francisco, CA, Cloudflare has offices in
Austin, TX, Champaign, IL, New York, NY, San Jose, CA, Seattle, WA, Washington, D.C.,
Toronto, Lisbon, London, Munich, Paris, Beijing, Singapore, Sydney, and Tokyo
