Cloudflare Thwarts Aisuru Botnet in Record-Breaking 29.7 Tbps DDoS Attack

In the third quarter of 2025, the Internet experienced a significant spike in cyberattacks, as documented in a thorough DDoS threat report from Cloudflare, a leading web security and infrastructure firm. This surge was notably driven by a prominent IoT botnet known as Aisuru, which executed some of the largest DDoS attacks on record.

Aisuru is estimated to consist of between 1 and 4 million compromised devices globally, making it a formidable resource that can be rented by individuals seeking to disrupt services, for a price ranging from a few hundred to several thousand US dollars.

The Unprecedented Scale of Aisuru

Cloudflare indicated that Aisuru was behind a record-breaking DDoS attack, achieving a staggering peak of 29.7 terabits per second (Tbps) and 14.1 billion packets per second (Bpps). This immense traffic volume, facilitated through a method known as UDP carpet-bombing, has the potential to cause “collateral Internet disruption” with major Internet Service Providers (ISPs), affecting millions of users even when they are not the primary target.

Source: Cloudflare

Since the beginning of 2025, Cloudflare has intercepted 2,867 Aisuru attacks, with 1,304 occurring in just the third quarter, marking a 54% increase from the previous quarter. Overall, Cloudflare’s automated defense systems thwarted approximately 8.3 million DDoS attacks in the same period, representing a 40% year-over-year increase. The attack categories moved in opposite directions: network-layer attacks rose by 87%, while HTTP attacks decreased by 41%. Notably, most of these attacks (71% of HTTP and 89% of network-layer) were resolved in under ten minutes, underscoring the challenges posed by human response times.

Geopolitics Influencing Targets

Certain sectors were disproportionately affected, with Information Technology & Services being the most attacked industry in Q3 2025, followed by Telecommunications and the Gambling and Casinos sectors. However, notable increases in attack frequency were linked to real-world events; for instance, Artificial Intelligence (AI) companies experienced a staggering 347% increase in DDoS traffic in September 2025, correlating with heightened discussions around AI regulation.

The Automotive sector also witnessed a remarkable rise in attacks, jumping 62 positions on the list of targeted industries, while the Mining, Minerals, and Metals sector faced similar challenges amid escalating trade tensions between the European Union and China. Countries such as the Maldives and France reported drastic increases in attacks—125 and 65 spots respectively—during periods of civil unrest, suggesting that threat actors actively exploit national turbulence to intensify their efforts.

China remains the most frequently attacked country, followed by Turkey, Germany, Brazil, and the United States, which climbed 11 spots in the rankings. Notably, Indonesia continues to be the primary source of these attacks for the fourth consecutive quarter, with seven of the top ten originating countries located in Asia.


Automated Defense is Key

Cloudflare has concluded that the speed of contemporary DDoS attacks demands a shift toward automated defense systems, as manual responses are increasingly inadequate. Cybercriminals relentlessly attack from multiple fronts, and although situations like these can be mitigated, they serve as a reminder that volume-driven DDoS campaigns are advancing beyond the capabilities of most organizations’ defenses.

Jake Moore, Global Cybersecurity Advisor at ESET, emphasized the implications of the Aisuru botnet, noting that its scale and diverse traffic patterns highlight the limitations of traditional filtering methods. DDoS attacks allow perpetrators to target organizations without the need for direct network intrusions, enabling them to operate with a significant degree of anonymity while effectively disrupting services.

Moreover, even with robust cybersecurity measures in place, threat actors are becoming increasingly sophisticated, employing a growing number of IP addresses to overwhelm targeted systems. Organizations must remain vigilant and proactive in future-proofing their networks against evolving cyber threats, continuously preparing for unexpected challenges.
