Surging cyber threats: Comparative insights from 2025 reports
Reports from Cloudflare Radar, Imperva, Fastly, Akamai, Darktrace, Radware and Gcore highlight escalating cybersecurity risks in the first half of 2025, with botnets, nation-states and hacktivists emerging as key sources.
Record-breaking DDoS attacks surge globally
Cloudflare blocked 27.8 million distributed denial-of-service (DDoS) attacks in the first half of 2025. This included a 358 per cent year-over-year spike in Q1 alone, when the company mitigated 20.5 million attacks. In Q2, the largest recorded attack peaked at 7.3 terabits per second in May.
Imperva documented attacks in January that used HTTP/2 rapid reset techniques against a major U.S. beverage company and reached nearly 13.5 million requests per second. Fastly reported an 87 per cent increase in DDoS volume from March to April, with media and entertainment firms most affected. Akamai observed a 23 per cent rise in financial sector application-layer attacks year-over-year, with 38 per cent of volumetric events originating in the Asia-Pacific region.
Radware noted that generative artificial intelligence is helping novice attackers launch DDoS campaigns. Gcore recorded a 56 per cent year-over-year increase in attack volume during the second half of 2024.
Attack sources and techniques evolve
Key sources include Internet of Things (IoT) botnets such as Mirai variants. Prominent threat groups include pro-Russian hacktivists like Killnet and NoName057(16), who are behind several geopolitical DDoS campaigns. Flax Typhoon, a China-linked group, has focused on cyberespionage, while North Korea’s Lazarus Group has blended ransomware with DDoS tactics.
Attack methods have grown more sophisticated. Connectionless Lightweight Directory Access Protocol (CLDAP) attacks surged 3,488 per cent quarter-over-quarter. DNS floods accounted for 33 per cent of Layer 3/4 events. Multi-vector techniques combining User Datagram Protocol (UDP) and TCP synchronize (SYN) floods, often enhanced by AI scripting, have become more prevalent.
Internet disruptions and infrastructure impacts
Internet disruptions in Q2 were attributed to cyberattacks, government shutdowns, power outages and undersea cable damage. Cloudflare’s 1.1.1.1 resolver experienced a 62-minute outage on July 14 due to configuration issues tied to changes in service topology.
ThousandEyes reported volatile internet service provider performance, with a 59 per cent global rise in disruptions between July 14 and 20, and a 32 per cent increase in the United States during the same period.
AI systems face mounting cyber risk
Cloudflare recorded 197 billion blocked attacks against generative AI systems over a 12-month period, including 39 billion DDoS attempts. Darktrace found that 78 per cent of chief information security officers believe AI has significantly impacted the threat landscape—up five per cent year-over-year—though 60 per cent said they feel adequately prepared.
On July 1, Cloudflare introduced new tools to identify and manage automated AI crawler traffic, giving customers greater visibility and control over which large language models access their web content.
Cloudflare also reported global HTTP traffic averaging 63 million requests per second, alongside 42 million DNS queries per second. These figures represent a 2024 baseline as AI-driven workloads expand.
Looking ahead
These trends reinforce the need for resilient defences, cross-sector collaboration and real-time intelligence sharing. Security leaders and researchers can explore Cloudflare’s free Radar API for additional threat data and regional analysis.
— With files from Cloudflare Radar, Akamai SOTI, Imperva Threat Research, Fastly Threat Labs, Darktrace, Radware and Gcore
