Post

Cloudflare Mitigates Record-Breaking 7.3 Tbps DDoS Attack in Q2 2025

Posted
By Tom Grant
2 min read
Cloudflare Mitigates Record-Breaking 7.3 Tbps DDoS Attack in Q2 2025

TL;DR

In Q2 2025, Cloudflare mitigated a record-breaking 7.3 Tbps DDoS attack, highlighting a surge in hyper-volumetric attacks. This period saw over 6,500 such attacks, averaging 71 per day. While the total number of attacks decreased from Q1, the intensity and volume of these attacks reached new heights. Notably, China, Brazil, and Germany were the most targeted countries, with telecom, internet services, and IT sectors being the hardest hit.

Introduction

In Q2 2025, Cloudflare, a leading web infrastructure and website security company, successfully mitigated a record-breaking Distributed Denial of Service (DDoS) attack peaking at 7.3 terabits per second (Tbps). This period saw a significant surge in hyper-volumetric attacks, with over 6,500 attacks blocked, averaging 71 per day. While the total number of attacks decreased from 20.5 million in Q1 to 7.3 million in Q2, the intensity and volume of these attacks reached unprecedented levels.

Key Findings

Attack Statistics

  • Cloudflare mitigated 7.3 million DDoS attacks in Q2 2025, down from 20.5 million in Q1.
  • Hyper-volumetric attacks surged, with over 6,500 blocked, averaging 71 per day.
  • Attacks exceeding 100 million packets per second (pps) increased by 592% quarter-over-quarter (QoQ).
  • Attacks topping 1 billion pps or 1 Tbps doubled.
  • HTTP DDoS attacks above 1 million requests per second (rps) remained steady at approximately 20 million total, or 220,000 daily.

Geographical Distribution

  • Most Targeted Countries: China, Brazil, and Germany.
  • Significant Increases in Attack Activity: Russia and Vietnam, climbing 40 and 15 spots, respectively.
  • Top Sources of DDoS Attacks: Indonesia, Singapore, and Hong Kong.
  • Notable Rises: Russia and Ecuador also saw increased attack traffic.

Industry Impact

  • Hardest Hit Sectors: Telecom, internet services, and IT.
  • Surprising Entry: Agriculture made it into the top 10 targeted industries after a sharp rise in attacks.
  • VM-Based Botnets: A shift from weaker IoT botnets to stronger VM-based ones was observed, with German provider 3xK Tech becoming the top source of HTTP DDoS traffic.

Attack Methods and Mitigation

Revival of Old Methods

Attackers revived old DDoS methods targeting games, networks, and IoT devices. Notable tactics included:

  • Flooding Teeworlds game servers with fake UDP packets.
  • Exploiting outdated RIPv1 routing.
  • Abusing misconfigured RDP servers.
  • Infecting Linux-based IoT devices with DemonBot malware to launch high-volume floods.

Cloudflare’s Defense Mechanisms

Cloudflare employed various tools to protect customers:

  • Magic Transit: Provides DDoS protection for network infrastructure.
  • Spectrum: Protects applications and APIs from DDoS attacks.
  • Intelligent Filtering: Blocks attacks while preserving legitimate traffic and service availability.

Conclusion

The Q2 2025 report underscores the evolving landscape of DDoS attacks, with attackers employing more sophisticated and intense methods. Cloudflare’s successful mitigation of these attacks highlights the importance of robust, real-time defense mechanisms in protecting critical infrastructure. As the threat landscape continues to evolve, ongoing vigilance and advanced security measures will be crucial in safeguarding against future attacks.

Additional Resources

For further insights, check:

References

Cybersecurity & Data Protection, Cyber Attacks
cybersecurity ddos threat-intelligence
This post is licensed under CC BY 4.0 by the author.