Cloudflare Fends Off 7.3 Million DDoS Attacks in Q2 2025 Amid Surge in Hyper-Volumetric Threats
Cloudflare mitigated 7.3 million DDoS attacks in the second quarter of 2025, marking a steep drop from Q1 but revealing a troubling shift in attack sophistication. While Layer 3/4 attacks declined 81 per cent, HTTP-based attacks rose 9 per cent, with over 70 per cent linked to known botnets. The company highlighted a staggering 7.3 Tbps attack, one of over 6,500 hyper-volumetric events blocked during the quarter. Attackers are now blending large-scale floods with stealthy probes to exploit system vulnerabilities and evade conventional defences, reflecting an evolution in both volume and strategy.
The rise in ransom-based DDoS attacks—up 68 per cent quarter-over-quarter—further illustrates the monetization of this threat vector. Cloudflare also drew attention to the resurgence of DemonBot, a Linux-based botnet exploiting weak IoT configurations to launch UDP, TCP, and application-layer floods. Telecommunications, IT services, gaming, and gambling sectors were among the most targeted, with the highest attack activity observed in China, Brazil, and Germany. As attackers increasingly leverage reflection, amplification, and burst-layer tactics, Cloudflare warns that hyper-volumetric attacks are not only more frequent but also far more complex to mitigate.
