DDoS assaults experienced a decline during the second quarter of 2025
A new wave of hyper-volumetric DDoS attacks has been sweeping across the digital landscape, with an alarming increase in both frequency and intensity. In the first half of 2025, these attacks have surged approximately 65-fold year-over-year, according to Cloudflare, with over 6,500 such attacks recorded in Q2 2025 alone.
The most notable example of this surge was a single attack that peaked at 7.3 terabits per second and 4.8 billion packets per second, one of the largest bursts of DDoS traffic Cloudflare has ever recorded. This attack, launched from 122,000 source IP addresses across 5,433 networks in 161 countries, utilized legacy amplification protocols such as QOTD, Echo, NTP, and RIPv1.
The trend towards more frequent and intense hyper-volumetric attacks is accompanied by a shift in attack characteristics. Instead of prolonged assaults, attacks are evolving into shorter but more intense bursts designed to overwhelm targets within seconds. There is also a strategic blend of massive volume floods alongside smaller, targeted scans aimed at probing defenses for vulnerabilities, making detection and mitigation more complex.
Despite a drop in the overall number of DDoS attacks from 20.5 million in Q1 to 7.3 million in Q2 2025, the proportion and scale of hyper-volumetric incidents have increased sharply. This underscores their growing threat level and sophistication. Cloudflare’s autonomous mitigation systems managed to contain the largest attacks in under a minute, but the scale underscores increased risks for infrastructure globally.
The total number of DDoS attacks in Q2 2025 was still 44% higher than the same period in 2024, reflecting an upward trend in overall attack volume and severity. The regions most targeted for DDoS attacks were not specified in the provided data, but it is known that sectors such as telecom and carrier networks, internet infrastructure, IT services, gaming platforms, and online gambling sites are the top targeted sectors due to their reliance on uptime and bandwidth.
Protecting against these increasingly sophisticated attacks requires a multi-layered approach, including stronger endpoint security, antivirus tools, domain filtering, and updated firmware. The rise in ransom DDoS incidents, where attackers demand payment in exchange for stopping or preventing attacks, also highlights the need for robust cybersecurity measures.
As the future of DDoS attacks is not just about size, but also about strategy, speed, and scale, it is clear that the cybersecurity landscape is becoming more volatile and challenging. It is essential for organisations to stay vigilant and invest in the necessary measures to protect their infrastructure and maintain business continuity.
References:
[1] Cloudflare (2025). Q2 2025 DDoS Threat Report
[2] Cloudflare (2025). Record-breaking 7.3 Tbps DDoS attack
[3] Cloudflare (2025). DDoS attacks drop 62% in Q2 2025
[4] Cloudflare (2025). Hyper-volumetric DDoS attacks on the rise
[5] Cloudflare (2025). DDoS attacks evolving into shorter, more intense bursts
In the face of these escalating hyper-volumetric DDoS attacks, data-and-cloud-computing providers and technology companies must bolster their cybersecurity measures to protect critical infrastructure and maintain business continuity. The evolving nature of these attacks, characterized by shorter but more intense bursts, necessitates a strategic approach to defense, encompassing stronger endpoint security, updated firmware, and robust cybersecurity measures.
