Cloudflare’s latest DDoS Threat Report for Q2 2025 paints a grim picture of the evolving cyber threat landscape, highlighting an alarming surge in distributed denial-of-service (DDoS) attacks and unprecedented attack volumes. One of the most concerning figures include a DDoS attack peaking at 7.3 terabits per second (Tbps) and 4.8 billion packets per second (pps), which is the largest ever recorded globally.
While the overall number of DDoS attacks recorded in Q2, of 7.3 million, was down significantly from the 20.5 million recorded in Q1, Cloudflare notes that the year-on-year growth remains a cause for concern. Compared to Q2 2024, attacks were 44% higher, reflecting how attackers are shifting from sheer volume to targeted, high-impact disruption. The quarterly dip, Cloudflare suggests, may indicate cyclical behavior rather than long-term reprieve.
One of the most striking trends in Q2 was the continued rise in application-layer threats. HTTP-based DDoS attacks grew by 9% from the previous quarter and spiked 129% year-on-year, totaling over 4.1 million incidents. In contrast, traditional network-layer (L3/L4) attacks fell by 81% compared to Q1 2025, signaling a pivot in attacker strategy toward exhausting server-side resources with high-frequency web traffic.
Geopolitically, the focus of DDoS campaigns shifted as China emerged as the most targeted country, moving up two positions from the previous quarter. Brazil and Germany followed in second and third place, respectively. Notably, Russia and Vietnam surged into the top 10, with Russia jumping 40 spots and Vietnam rising by 15. This shift suggests a broader and more diverse geographic distribution of targets in Q2.
Meanwhile, the source of attacks saw a reshuffle, with Indonesia leading as the top origin of DDoS activity, followed by Singapore and Hong Kong. Russia and Ecuador also made significant climbs, further underscoring the increasingly decentralized and global nature of threat actors. The infrastructure sector bore the brunt of DDoS campaigns. Telecommunications companies, internet service providers, and carriers were the most heavily targeted, closely followed by businesses in the internet and IT sectors. Interestingly, the agriculture industry entered the top 10 most attacked sectors, leaping 38 places to occupy the eighth position, which is a reminder that critical sectors traditionally perceived as low-risk are now firmly in the crosshairs.
Cloudflare also reported a sharp rise in hyper-volumetric DDoS attacks including those exceeding 1 billion pps or 1 Tbps at the network layer, and 1 million requests per second at the application layer. The company mitigated over 6,500 such attacks in Q2 alone, averaging more than 70 per day. Attacks surpassing 100 million pps rose by an astonishing 592% compared to Q1, and those exceeding 1 billion pps or 1 Tbps doubled. Despite the quarterly decline in total DDoS events, the volume of HTTP DDoS attacks exceeding 1 million requests per second remained consistent with Q1, with around 20 million incidents recorded that translates to a daily average of 220,000 high-intensity application-layer attacks.
Users may access the Cloudflare report here, for more percipient details.
