
Cloudflare said on Tuesday that it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant decline from the 20.5 million DDoS attacks it blocked in the previous quarter.
“Overall, in Q2 2025, hyper-volumetric DDoS attacks touched the sky,” said Omer Yoachimik and Jorge Pacheco. “Cloudflare blocked more than 6,500 hyper-volumetric DDoS attacks, an average of 71 per day.”
In Q1 2025, the company said, an 18-day sustained campaign against its own infrastructure and other critical infrastructure protected by Cloudflare was responsible for 13.5 million of the attacks seen during that period. Cumulatively, Cloudflare has blocked around 28 million DDoS attacks, surpassing the number of attacks it mitigated in all of 2024.
Notable among the Q2 2025 attacks is a staggering DDoS attack that reached 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps) within a span of 45 seconds.
Large traffic spikes like these make the headlines, but what is often overlooked is how attackers are now combining them with small, targeted probes. Instead of just overwhelming systems with brute force, they are mixing massive floods with quiet scans to find weak spots and slip past defenses built to block only the obvious.
Layer 3/Layer 4 (L3/4) DDoS attacks declined 81% quarter-over-quarter, while HTTP DDoS attacks increased by 9% to 4.1 million. More than 70% of HTTP DDoS attacks originated from known botnets. The most common L3/4 attack vectors were flood attacks over the DNS, TCP SYN, and UDP protocols.
Telecom service providers and carriers were the most targeted, followed by the Internet, IT services, gaming, and gambling sectors.
China, Brazil, Germany, India, South Korea, Turkey, Hong Kong, Vietnam, Russia, and Azerbaijan emerged as the most attacked locations, based on the billing country of Cloudflare customers. Indonesia, Singapore, Hong Kong, Argentina, and Ukraine were the top five sources of DDoS attacks.
The web infrastructure and security company also revealed that the number of hyper-volumetric DDoS attacks increased by 100 million packets per second (pps) as compared to the previous quarter.
Another important aspect is a 68% increase in ransom DDoS attacks, which occur when a malicious actor attempts to extort money from an organization by threatening it with a DDoS attack. The category also covers scenarios where the attacks are carried out and a ransom is demanded to stop them from recurring.
“While most DDoS attacks are small, hyper-volumetric DDoS attacks are growing in size and frequency,” Cloudflare said. “Six of every 100 HTTP DDoS attacks are more than 1M rps, and 5 of every 10,000 L3/4 DDoS attacks are more than 1 Tbps – a 1,150% QoQ increase.”
The company also drew attention to a botnet variant called DemonBot. It infects Linux-based systems, mainly unsecured IoT devices, through open ports or weak credentials to enlist them in a DDoS botnet that can carry out UDP, TCP, and application-layer floods.
“Attacks are usually operated via command-and-control (C2) and can generate significant volumetric traffic, often targeting gaming, hosting, or enterprise services,” it said. “To avoid infection, take advantage of antivirus software and domain filtering.”
Infection vectors like those exploited by DemonBot highlight broader challenges with unsecured IoT exposure, weak SSH credentials, and outdated firmware, which are common themes in DDoS botnet proliferation. Related attack strategies, such as TCP reflection, DNS amplification, and burst-layer evasion, are increasingly being discussed in Cloudflare's application-layer threat reports and API security breakdowns.