Cloudflare’s Q1 2025 DDoS Threat Report indicates a staggering 358% year-over-year increase in Distributed Denial of Service (DDoS) attacks, totaling 20.5 million. Germany emerged as the most affected country, with gaming and telecommunications sectors among the primary targets.
According to Cloudflare’s recent threat report, the digital landscape faced an unprecedented wave of DDoS attacks in the first quarter of 2025. The total number of these disruptive attacks surged to 20.5 million, representing an extraordinary 358% increase from the same quarter last year.
Notably, the report highlights a significant quarterly rise of 198% in the number of attacks, with 96% of DDoS attempts successfully blocked in the initial three months of 2025 compared to the entire previous year. These findings align with the latest Link11 European Cyber Report, which similarly flagged a considerable rise in DDoS incidents this year.
During an 18-day, multi-vector campaign, Cloudflare’s infrastructure faced around 6.6 million targeted attacks, employing methods such as SYN floods, Mirai botnet incursions, and SSDP amplification. This situation underscores the vulnerabilities present even among security service providers, emphasizing the necessity for robust and ongoing security measures.
The report further brought to light an alarming increase in hyper-volumetric DDoS attacks—those exceeding 1 Terabit per second (Tbps) or 1 billion packets per second (Bpps). Within the first quarter, Cloudflare effectively mitigated over 700 of these extensive attacks, averaging about eight significant incidents daily.
Germany led as the most attacked nation, followed by Turkey and China, while Hong Kong emerged as the top source of these DDoS threats, trailed by Indonesia and Argentina. The gambling and casino industries were the most frequently targeted sectors, with telecommunications, service providers, and aerospace also facing significant threats. Key cloud and hosting providers, including Hetzner, OVH, and DigitalOcean, consistently represented major sources of HTTP DDoS attacks.
Moreover, Cloudflare reported blocking several hyper-volumetric DDoS attacks in late April, with one notable incident peaking at an unprecedented 4.8 Bpps—an increase of 52% over the previous record. Additionally, a massive flood attack hit at 6.5 Tbps, matching the highest bandwidth attack ever publicly documented.
