The DDoS threat landscape continued to break records in the second quarter of 2025, with Cloudflare reporting it blocked the largest-ever attacks, peaking at 7.3 terabits per second (Tbps).
In its quarterly report, the company, which provides security and performance services for websites, said it automatically blocked over 6,500 ‘hyper-volumetric’ attacks, which average 71 per day. These attacks exceeded 1 Tbps or 1 billion packets per second (Bpps).
Although the total number of attacks mitigated by Cloudflare in Q2 dropped significantly to 7.3 million, down from 20.5mn in Q1, the total was still 44 per cent higher than the same period in 2024. The Q1 surge was driven by a single 18-day campaign against Cloudflare and its customers.
The report also found that: The telecommunications, service providers, and carriers sector was the most targeted industry.
China led as the most attacked country, followed by Brazil and Germany. The percentage of customers who reported being targeted by a ransom DDoS attack or threat increased by 68pc from the previous quarter.
The majority of HTTP DDoS attacks (71pc) were launched by known botnets.
DNS flood attacks were the most common Layer 3/Layer 4 DDoS attack vector, accounting for nearly a third of all attacks of that type.
Among emerging threats, Teeworlds flood attacks saw the biggest spike, jumping 385pc quarter-over-quarter.
Cloudflare assistant vice-president Middle East, Türkiye & North Africa Bashar Bashaireh said the data shows “how quickly the DDoS threat landscape is evolving,” with attackers launching “faster, shorter, and more aggressive campaigns.” He emphasised the need for organisations to adopt a proactive, “always-on” security posture.