Insights from Cloudflare’s 2025 Q3 DDoS Report
Cloudflare recently released its Q3 DDoS report for 2025, shedding light on the evolving landscape of Distributed Denial-of-Service (DDoS) attacks. These insights derive from their expansive global network, one of the largest in its realm, providing crucial data on current trends and threats.
Notable Findings
Aisuru Botnet’s Record Attacks
A major takeaway from the report is the emergence of the Aisuru botnet, which has launched hyper-volumetric DDoS attacks at levels never seen before. This botnet is estimated to have between 1 and 4 million infected devices, regularly delivering attacks that surpass 1 terabit per second (Tbps) and 1 billion packets per second (Bpps). Notably, the frequency of these attacks surged by 54% quarter-over-quarter.
Focus on AI Companies
DDoS attacks targeting artificial intelligence (AI) companies have skyrocketed, with a staggering month-over-month increase of 347% noted in September alone. This rise is reflective of escalating public concern and scrutiny over AI technologies, making these companies prime targets for attackers.
Geopolitical Influences
The report also points to a growing correlation between geopolitical events and cyber threats. Increasing trade tensions between the European Union and China, especially regarding rare earth minerals and electric vehicle tariffs, have been mirrored by a spike in attacks on industries related to mining, minerals, and automotive sectors.
DDoS Attack Statistics
The data reveals a staggering number of attacks in 2025. By Q3 2025, Cloudflare had already mitigated 36.2 million DDoS attacks, which is 170% more than the total mitigated throughout 2024. In just the third quarter, the company automatically detected 8.3 million attacks, marking a 15% increase from the previous quarter and a 40% surge compared to the same period last year.
Breakdown of Attack Types
- Network-layer DDoS Attacks: These constituted 71% of total attacks in Q3, totaling around 5.9 million—a dramatic rise of 87% from the previous quarter and a 95% increase year-over-year.
- HTTP DDoS Attacks: Accounting for 29% of incidents, these dropped to 2.4 million attacks, reflecting a decrease of 41% QoQ and 17% YoY.
Characteristics of Attacks
While many DDoS attacks tend to be smaller in scale, a significant uptick in larger attacks was noted in Q3. The frequency of attacks exceeding 100 million packets per second increased by 189%, and those surpassing 1 Tbps soared by 227%. Most of these assaults conclude in under 10 minutes, making timely human intervention nearly impossible and resulting in severe disruptions that require extended recovery periods.
Leading Sources of DDoS Attacks
It’s telling that seven out of the top ten origins of DDoS attacks are located in Asia. Indonesia continues to hold the title for the most significant source of attacks globally, maintaining its number one position since Q3 of 2024.
Most Affected Industries
In terms of industry impact, the Q3 2025 data shows the Information Technology & Services sector as the most frequent victim, followed by Telecommunications, Gambling, Gaming, and Automotive industries. The upward trend in attacks against the Mining, Minerals & Metals industry is notable, as it jumped by 24 spots in the global rankings, now sitting at 49th place. Additionally, the Automotive sector experienced an impressive leap of 62 spots, making it the sixth most attacked industry. Even cybersecurity firms are not immune, with a 17-position rise to the 13th spot on the list of attacked industries.
Surging Interest in AI Attacks
September 2025 marked an extraordinary spike in DDoS traffic aimed at generative AI companies, with numbers reflecting a massive 347% increase month-over-month.
Geography of Attacks
China remains the most targeted country for DDoS attacks, followed by Turkey and Germany. The United States saw a notable jump, moving up 11 spots to become the fifth most attacked nation, while the Philippines made a remarkable gain of 20 positions within the top ten.
Attack Vectors
Network-layer DDoS Attacks
UDP DDoS attacks, driven in part by the Aisuru botnet’s activities, saw a significant rise of 231% quarter-over-quarter, making it the leading attack vector at the network layer. Other common methods included DNS floods, SYN floods, and ICMP floods, together accounting for over half of all network-layer attacks. Notably, variations of the Mirai botnet continue to be a prevalent threat, surfacing in nearly 2% of network-layer attacks.
HTTP DDoS Attacks
On the HTTP side, around 70% of attacks were traced back to botnets already indexed by Cloudflare, with an additional 20% coming from headless browsers or sources displaying suspicious attributes.
Closing Thoughts from Cloudflare
Bashar Bashaireh, Cloudflare’s Area VP for the Middle East, Türkiye, and North Africa, emphasizes that the Q3 2025 data illustrates an increasing relationship between DDoS activity and geopolitical strife, particularly in critical sectors like AI and telecommunications. He underscores the necessity for updated security measures to combat today’s sophisticated botnet-driven assaults, especially in regions where digital connectivity is vital for economic progress and modernization.
