Cloudflare reported a significant rise in DDoS attacks during the first quarter of 2025, mitigating 20.5 million attacks. This marks a 358% increase compared to the same period in 2024. The rise spans both the number and the size of attacks, including some of the largest recorded. Researchers have observed a growing trend in multi-vector and hyper-volumetric attacks, signaling a shift in attack strategies.
One-third of the DDoS attacks, approximately 6.6 million, targeted Cloudflare’s infrastructure. These came during an 18-day multi-vector campaign, involving SYN floods, Mirai botnet attacks, and SSDP amplification attacks. Researchers noted over 700 hyper-volumetric attacks, each exceeding 1 terabit per second or 1 billion packets per second. The largest of these attacks reached 6.5 Tbps and 4.8 billion packets per second, posing significant threats to unprotected systems.
Despite these large attacks, most attacks remain smaller in scale. Around 99% of network-layer attacks stayed under 1 Gbps, but even small attacks can disrupt unprotected services. Cloudflare highlighted the increasing speed of DDoS attacks, with many lasting less than a minute. The rapid pace of these incidents makes manual mitigation impractical, further emphasizing the need for automated defense mechanisms.
The report revealed that most victims were unsure about the attack’s origin. Among those who knew, competitors were the most commonly suspected. Emerging attack methods like CLDAP and ESP reflection attacks surged dramatically, using UDP traffic to amplify attack volume. Cloudflare also noted shifts in attack locations, with Germany becoming the most targeted country and Hong Kong the top source of DDoS traffic.