Cloudflare's 2025 Q2 DDoS Threat Report: A Shift in Landscape
The cloud security giant, Cloudflare, has released its 2025 Q2 DDoS (Distributed Denial of Service) Threat Report, providing a snapshot of the evolving threat landscape. The report highlights the top ten sources of DDoS attacks, as well as industry trends and insights from surveyed customers.
According to Cloudflare's survey of over 1,500 customers who had identified their attackers, 63% pointed to competitors as the largest source of DDoS attacks. This is a significant shift in the traditional view that state-sponsored actors were the primary culprits behind these attacks. Instead, businesses in the crypto, gambling, and gaming industries are emerging as major players.
Other notable findings from the report include:
* 21% of respondents who identified their attackers said they were victims of state-sponsored attacks. * 5% of respondents accidentally launched DDoS attacks themselves due to server misconfigurations. * The most attacked location was China, which rose to position one, while Brazil climbed four positions to second place.
The report also provides insights into the top industry sources of DDoS attacks:
* Telecommunications: the most attacked industry * Internet and Information Technology Services: the second most attacked * Gaming and Gambling: the third and fourth most attacked industries
When it comes to country-level sources of DDoS attacks, Ukraine is the fifth-largest source, with an interesting caveat. Cloudflare notes that while Ukraine is the source, the attackers are consistently originating from Russian-occupied territories. This raises questions about the role of country origin in attributing attack responsibility.
Cloudflare also highlights the importance of network origins:
* Hetzner dropped to third place as the origin of DDoS attacks * DigitalOcean was pushed down to position two by Drei-K-Tech-GmbH, which jumped six places to become the leading source of DDoS attacks
The report concludes that DDoS attacks could be better mitigated with increased collaboration between cloud computing providers and security solutions like Cloudflare. The company's program allows these providers to rapidly respond to bad actors abusing their networks, potentially reducing the number of DDoS attacks on the web.
Top Ten Country Origins Of DDOS Attacks
The following are the top ten country origins of DDoS attacks, based on Cloudflare's data:
- China (rose to position one)
- Brazil (climbed four positions to second place)
- Ukraine
- Netherlands
- Russia
- India
- United States
- Germany
- Australia
- Vietnam (jumped fifteen places to position eight)
Top ASN Sources Of DDOS Attacks
The following are the top ten Autonomous System Numbers (ASNs) of DDoS attacks, based on Cloudflare's data:
- Drei-K-Tech-GmbH
- Hetzner
- Microsoft
- Google Cloud Platform
- Alibaba
- Tencent
- DigitalOcean
- VPN providers
- Botnet nodes
- Anonymous VPNs
DDOS Attacks Could Be Better Mitigated
Cloudflare highlights its program that allows cloud computing providers to rapidly respond to bad actors abusing their networks. By joining this program, more providers could potentially reduce the number of DDoS attacks on the web.