The cybersecurity landscape witnessed an extraordinary escalation in distributed denial-of-service (DDoS) attacks throughout 2025, culminating in a record-shattering 31.4 terabits per second (Tbps) attack that underscores the growing sophistication and scale of modern cyber threats.

The Year DDoS Attacks More Than Doubled

According to Cloudflare's latest quarterly DDoS threat report from Cloudforce One, 2025 saw DDoS attacks surge by an unprecedented 121%, with an average of 5,376 attacks automatically mitigated every single hour. This translates to a staggering 47.1 million total attacks throughout the year—more than double the previous year's figures. Between 2023 and 2025, DDoS attacks have spiked by an astonishing 236%.

The fourth quarter alone experienced a 31% increase in attacks compared to Q3, with network-layer DDoS attacks accounting for 78% of all incidents. More concerning is that network-layer attacks more than tripled year-over-year, reaching 34.4 million compared to just 11.4 million in 2024.

The Night Before Christmas Campaign

December 2025 brought what security researchers dubbed "The Night Before Christmas" DDoS campaign—an unprecedented bombardment launched by the Aisuru-Kimwolf botnet. Starting on December 19, this massive botnet, comprising an estimated 1-4 million infected devices (primarily Android TVs), unleashed hyper-volumetric HTTP DDoS attacks exceeding 200 million requests per second (Mrps).

To put this in perspective, a 205 Mrps attack is equivalent to the combined populations of the United Kingdom, Germany, and Spain all simultaneously typing a website address and hitting enter at the exact same second. Throughout the campaign, Cloudflare's autonomous defense systems detected and mitigated 902 hyper-volumetric attacks, averaging 53 attacks per day over the 17-day period.

The attacks reached maximum rates of 9 billion packets per second (Bpps), 24 Tbps, and 205 Mrps—unprecedented scales that would cripple most legacy protection solutions.

The 31.4 Tbps World Record

Just weeks before the Christmas campaign, Cloudflare detected and automatically mitigated a 31.4 Tbps DDoS attack that lasted a mere 35 seconds. This represents the largest publicly disclosed DDoS attack in history—a world record that demonstrates attack sizes have grown by over 700% compared to late 2024.

What makes these attacks particularly concerning is their hyper-volumetric nature. Throughout 2025, such attacks increased by 40% in Q4 alone compared to the previous quarter, targeting critical infrastructure across telecommunications, gaming, and generative AI services.

Industries and Regions Under Siege

The telecommunications, service providers, and carriers industry emerged as the most targeted sector, displacing the previously top-ranked information technology and services industry. Gambling, casinos, and gaming industries rounded out the top four most-attacked sectors—industries where service interruption directly impacts revenue.

Geographically, the threat landscape saw dramatic shifts. While China, Germany, Brazil, and the United States remained in the top five, Hong Kong surged twelve positions to become the second most-attacked location globally. The United Kingdom experienced an even more dramatic rise, jumping 36 places to become the sixth most-attacked location.

Attack Source Distribution

Bangladesh dethroned Indonesia as the largest source of DDoS attacks in Q4 2025, with Ecuador jumping to second place and Argentina soaring twenty positions to fourth. The data reveals that threat actors increasingly leverage cloud computing platforms and infrastructure providers, with attacks originating from major services including DigitalOcean, Microsoft Azure, Tencent Cloud, Oracle Cloud, and Hetzner.

This geographic and organizational diversity confirms that modern DDoS attacks are truly global phenomena, routed through the Internet's most critical pathways and utilizing easily-provisioned virtual machines for high-volume assaults.

The Defense Challenge

The rapid growth in attack sophistication and scale presents significant challenges for organizations relying on traditional on-premise mitigation appliances or on-demand scrubbing centers. The sheer volume and intensity of modern attacks require always-on, cloud-based protection with massive capacity.

Cloudflare addresses this through its global network and autonomous DDoS mitigation systems, providing free, unmetered protection regardless of attack size, duration, or volume. The company also offers a free DDoS Botnet Threat Feed for Service Providers, which over 800 networks worldwide have adopted to identify and neutralize botnet nodes at the source.

Looking Ahead

The 2025 threat landscape represents a watershed moment in cybersecurity. As attacks grow exponentially in both frequency and scale, organizations must reassess their defensive posture. The era of reactive, on-demand DDoS protection is ending—replaced by a necessity for always-on, globally distributed, AI-powered mitigation systems capable of absorbing multi-terabit attacks without human intervention.

The data is clear: DDoS attacks are not slowing down. With botnet capabilities expanding and attack techniques becoming more sophisticated, 2026 promises to test the resilience of Internet infrastructure like never before. Organizations that fail to modernize their defenses risk becoming the next headline in an increasingly dangerous digital landscape.

Source: Cloudflare DDoS Threat Report 2025 Q4, published by Cloudforce One. Data based on telemetry from Cloudflare's global network protecting approximately 20% of the web.