Source URL: https://blog.cloudflare.com/ddos-threat-report-for-2025-q1/
Source: The Cloudflare Blog
Title: Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare’s 2025 Q1 DDoS Threat Report
Feedly Summary: DDoS attacks are surging. In 2025 Q1, Cloudflare blocked +20M attacks (a 358% YoY spike) along with 5.6 Tbps and 4.8 Bpps record-breaking attacks.
AI Summary and Description: Yes
**Summary:**
The 21st edition of the Cloudflare DDoS Threat Report highlights significant escalations in DDoS attacks during Q1 2025, including record-breaking hyper-volumetric attacks. The report showcases the evolving tactics used by threat actors and emphasizes the critical need for automated, always-on security measures in order to effectively defend against such intensifying threats.
**Detailed Description:**
The Cloudflare DDoS Threat Report for Q1 2025 provides a thorough examination of the rising trend in Distributed Denial of Service (DDoS) attacks, presenting several alarming statistics and insights:
– **DDoS Activity Surge:**
– A record 20.5 million DDoS attacks were blocked, marking a **358% year-over-year (YoY)** increase and **198% quarter-over-quarter (QoQ)** increase.
– Notably, **16.8 million** of these were network-layer attacks, indicating a substantial rise in attack frequency.
– Hyper-volumetric DDoS attacks (exceeding 1-2 Tbps) were particularly concerning, with **over 700** such attacks blocked.
– **Record-Breaking Attacks:**
– The report documents the largest packet rate attack ever recorded at **4.8 billion packets per second (Bpps)**
– A concurrent flood attack peaked at **6.5 terabits per second (Tbps)**, tying the highest bandwidth attack on record.
– **Attack Patterns and Trends:**
– Attacks now often encompass multi-vector campaigns, employing various methods such as **SYN floods, Mirai botnets, and CLDAP amplification attacks**.
– Reflecting an emerging threat, the report noted a **3,488% QoQ increase** in CLDAP reflection/amplification attacks, highlighting changes in attack methodologies.
– **Geographical Insights:**
– The most attacked countries in Q1 shifted significantly, with Germany now as the number one target, followed closely by Turkey and China.
– The gambling and casinos sector experienced the highest frequency of attacks.
– **Threat Actor Behavior:**
– Many targeted customers are unaware of who the threats originate from, but reported competitors and state-sponsored actors as notable sources of these attacks.
– **Implications for Security:**
– Despite the rising size of attacks, a majority remain under 1 Gbps; however, the resiliency of most organizations to these “small” attacks is questionable, and even short-duration attacks can lead to extensive service outages.
– The report advocates for automated, inline, ever-present security solutions, as manual intervention is often too slow to effectively mitigate current threats.
– **Proactive Measures and Tools:**
– Cloudflare remains committed to providing DDoS protection, encouraging proactive strategies and offering resources such as the **DDoS Botnet Threat Feed**, which helps organizations identify abusive accounts.
The report suggests that security and compliance professionals must adapt to these evolving threats by deploying automated defense mechanisms to effectively manage and mitigate DDoS risks, ensuring robust protection against an increasingly hostile threat landscape.