News Security

Cloudflare Blocks Record-Breaking 7.3 Tbps DDoS Attack Amid Surge in Hyper-Volumetric Threats

Cloudflare Blocks Record 7.3 Tbps DDoS Attack in Q2 2025

Q2 2025 report reveals evolving tactics, legacy protocol abuse, and growing risks for telecom, IT, and gaming industries

Cloudflare has released its Q2 2025 DDoS Threat Report, revealing a significant shift in the threat landscape marked by more aggressive, hyper-volumetric attacks and increased targeting of critical infrastructure sectors like telecommunications, internet services, and gaming.

The standout highlight: Cloudflare mitigated the largest DDoS attack ever recorded, peaking at 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps). Over the quarter, Cloudflare blocked 6,500+ hyper-volumetric DDoS attacks, averaging 71 per day — a staggering trend even as overall attack volumes fell from Q1 due to the end of a major 18-day campaign.

“The Q2 data highlights just how quickly the DDoS threat landscape is evolving — with attackers launching faster, shorter, and more aggressive campaigns across a broader range of industries and geographies,” said Bashar Bashaireh, AVP – Middle East, Türkiye & North Africa, Cloudflare. “These trends reinforce the need for organizations to adopt a proactive, always-on security posture.”

Despite a sharp drop in total attacks from 20.5 million in Q1 to 7.3 million in Q2, attacks remain 44% higher year-over-year. HTTP DDoS attacks climbed 9% to 4.1 million, while L3/4 attacks plummeted 81% to 3.2 million, revealing an evolution in attack vectors and scale.

Key Sector & Geography Trends

  • Telecoms, service providers, and carriers were the most targeted sectors, followed by IT, gaming, and gambling.
  • China emerged as the most attacked location, followed by Brazil, Germany, India, and South Korea.
  • Ransom DDoS (RDDoS) threats surged, with a 68% increase in incidents or threats compared to Q1.

Botnets, Protocol Abuse & Emerging Tactics

A significant 71% of HTTP DDoS attacks were launched via known botnets. Among L3/4 vectors, DNS floods topped the list, followed by SYN and UDP floods. Attackers increasingly abused obscure or legacy protocols — a 385% surge in Teeworlds floods, 296% in RIPv1 floods, and 173% in RDP floods, among others.

These trends signal heightened sophistication as attackers seek to bypass traditional defense mechanisms using unpredictable traffic patterns and underutilized protocol exploits.

Attack Size & Duration

While most attacks remain small — 94% of L3/4 attacks didn’t exceed 500 Mbps — the growth in massive, targeted attacks is accelerating. HTTP DDoS attacks exceeding 1 million requests per second now account for 6 out of every 100 incidents, while 1 in every 2,000 L3/4 attacks breached the 1 Tbps mark — up 1,150% QoQ.

Cloudflare emphasized its ongoing commitment to providing unmetered, automated DDoS protection that adapts to rising volumes and complexity. The company continues to invest in real-time threat intelligence, automation, and a global infrastructure that scales against the most extreme attack scenarios.

Related posts

DXC and 7AI Launch AI-Powered Agentic SOC to Redefine Managed Security Services

Enterprise IT World MEA

Tenable One Surpasses 300 Integrations, Becoming Cybersecurity’s Most Open Exposure Management Platform

Enterprise IT World MEA

Qualys Launches Industry-First Agentic AI-Powered Risk Operations Center

Enterprise IT World MEA

Leave a Comment