Cloudflare on Tuesday published its DDoS threat report for the second quarter of 2025, and the company says the number of attacks it blocked in the first half of the year already exceeds all the attacks mitigated in 2024.
In 2024, Cloudflare blocked a total of 21.3 million HTTP and Layer 3/4 DDoS attacks. In the first half of 2025, it has already mitigated 27.8 million attacks. More than 20 million of them were seen in Q1, when an 18-day campaign pummelled the company’s own infrastructure as well as other critical infrastructure.
While the number of attacks seen in Q2 decreased compared to the previous quarter, it was still 44% higher compared to Q2 2024.
The web performance and security company says hyper-volumetric attacks have surged. It blocked more than 6,500 in Q2 — 71 attacks per day on average — including a record-breaking attack that peaked at 7.3 terabits per second (Tbps).
Cloudflare describes hyper-volumetric attacks the ones that exceed 1 Tbps, 1 billion packets per second (Bpps), or 1 million requests per second (Mrps).
According to the company, in Q2 2025, China was once again the most targeted country, followed by Brazil and Germany, with Russia and Vietnam also jumping into the top 10.
Organizations in the telecoms sector were the most targeted, followed by internet companies and IT firms. One surprising entry in the top 10 is agriculture, which jumped from the 38th place to the 8th in Q2.
As for attack sources, Indonesia was the number one source, followed by Singapore, Hong Kong, Argentina, and Ukraine. More than 70% of the attacks were powered by known botnets.
Cloudflare highlighted some of the types of DDoS attacks seen in the second quarter. The list includes attacks targeting servers associated with the Teeworlds shooter game, the DemonBot botnet powered by IoT and other Linux systems, and flood attacks leveraging devices running the VxWorks RTOS.
Related: Europol Announces More DDoS Service Takedowns, Arrests
Related: New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices
Related: Anonymous Sudan DDoS Service Disrupted, Members Charged by US
