Cloudflare has released its Q4 2025 DDoS Threat Report, revealing a year that pushed the limits of global internet security. The company recorded unprecedented growth in Distributed Denial of Service attacks, culminating in a record 31.4 Tbps DDoS blast one of the largest ever observed on the public internet.
Across the year, Cloudflare automatically mitigated 47.1 million attacks, representing a staggering 121% surge from 2024. On average, the network absorbed 5,376 attacks every hour, the majority of them hitting the network layer.
Network-layer attacks triple; Q4 marks dramatic escalation
Network-layer DDoS attacks experienced the steepest climb, more than tripling to 34.4 million events in 2025. In the final quarter alone, these attacks represented 78% of all DDoS activity seen across Cloudflare’s global footprint.
Regions also saw significant shifts in targeting patterns. Hong Kong vaulted 12 positions to become the world’s second-most attacked location, while the United Kingdom jumped an astonishing 36 spots to take sixth place.
“2025 showed us that DDoS attackers are scaling faster than ever only autonomous, intelligence‑driven defenses can keep organisations resilient.”
— Ercan Aydin, Cloudflare
Android TVs fuel hyper‑volumetric “Night Before Christmas” attacks
One of the most alarming developments was the rise of the Aisuru-Kimwolf botnet, a vast collection of 1–4 million infected Android TVs weaponized for hyper‑volumetric DDoS campaigns.
On December 19, 2025, the botnet unleashed its most aggressive wave dubbed “The Night Before Christmas” delivering HTTP floods exceeding 20 million requests per second, capable of overwhelming legacy mitigation systems and even threatening national-level connectivity.
Though dramatic, this campaign represented only a slice of the hyper‑volumetric attacks Cloudflare observed throughout the year.
Hyper‑volumetric attacks grow 700% year over year
The size and intensity of large-scale attacks soared throughout 2025. In Q4, hyper‑volumetric incidents rose 40% over the previous quarter, with overall attack magnitudes growing more than 700% compared to late 2024.
The peak: a 31.4 Tbps hit, lasting just 35 seconds but powerful enough to disrupt critical infrastructure had it not been mitigated instantly.
Telecom, IT services, and gaming take the hardest hits
The Telecommunications, Service Provider & Carrier sector was the most targeted industry in 2025, followed by Information Technology & Services. Online entertainment including Gambling & Casinos and Gaming also faced heavy pressure, with Computer Software rounding out the top five.
Global origins shift: Bangladesh emerges as top source
A significant reshuffling occurred in the origins of attack traffic. Bangladesh overtook Indonesia to become the largest source of DDoS attacks in Q4 2025. Ecuador also climbed two places to take the second spot, with Indonesia moving to third after dominating much of the year.
Cloud infrastructure providers dominate as attack sources
Cloudflare’s analysis highlighted a persistent trend: attackers increasingly hijack accessible cloud infrastructure to launch high-volume assaults. Networks belonging to DigitalOcean, Microsoft, Tencent, Oracle, and Hetzner featured prominently among the top 10 source ASNs, underscoring how easily provisioned cloud resources can be weaponized at scale.
A region on high alert
Commenting on the escalating threat, Ercan Aydin, Cloudflare’s AVP for the Middle East, Türkiye & Africa, noted the urgency for adaptive protection as digital adoption accelerates across the region.
“The scale and frequency of DDoS activity we observed in 2025 underscore how quickly threat actors are evolving their tactics. By proactively leveraging real-time intelligence and autonomous mitigation capabilities, we help organisations stay ahead of these escalating threats.”
