The fourth quarter of 2025 witnessed an unprecedented surge in distributed denial-of-service (DDoS) attacks, culminating in a record-breaking 31.4 Terabits per second assault. This milestone caps a year that saw DDoS attacks more than double, fundamentally reshaping the threat landscape for organizations worldwide.
The Scale of the Problem
In 2025, the total number of DDoS attacks reached an staggering 47.1 million—more than doubling from the previous year. This represents a 236% increase since 2023, with Cloudflare mitigating an average of 5,376 attacks every hour throughout the year. Of these, 3,925 were network-layer attacks and 1,451 were HTTP DDoS attacks.
The most substantial growth occurred in network-layer DDoS attacks, which more than tripled year-over-year. Cloudflare mitigated 34.4 million network-layer attacks in 2025, compared to just 11.4 million in 2024. This dramatic escalation demonstrates how threat actors are continuously evolving their tactics and expanding their capabilities.
The Night Before Christmas Campaign
On December 19, 2025, the Aisuru-Kimwolf botnet launched what security researchers dubbed "The Night Before Christmas" DDoS campaign. This sophisticated assault bombarded Cloudflare infrastructure and customers with hyper-volumetric HTTP DDoS attacks exceeding 200 million requests per second.
The Aisuru-Kimwolf botnet comprises an estimated 1-4 million infected devices, primarily Android TVs infected with malware. Throughout the campaign, Cloudflare's autonomous defense systems detected and mitigated 902 hyper-volumetric attacks, averaging 53 attacks per day over 17 days.
The scale of these attacks is difficult to comprehend. A 205 million requests per second assault is comparable to the combined populations of the UK, Germany, and Spain all simultaneously typing a website address and hitting enter at the same exact second. The average attack sizes during this campaign reached 3 billion packets per second, 4 Terabits per second, and 54 million requests per second.
Breaking Records Repeatedly
The 31.4 Tbps attack that occurred in Q4 2025 lasted just 35 seconds but shattered previous records. Throughout the year, attack sizes grew by over 700% compared to late 2024, with each successive record representing the largest publicly disclosed attack at that time.
Like all previous attacks, the 31.4 Tbps assault was detected and mitigated automatically by Cloudflare's autonomous DDoS defense systems, which adapted quickly to lock onto botnets such as Aisuru-Kimwolf. This demonstrates the critical importance of automated, AI-driven security systems that can respond faster than any human operator.
Industry and Geographic Targeting
The telecommunications, service providers, and carriers industry emerged as the most heavily targeted sector, displacing information technology and services from the top position. Gaming and gambling industries also faced intense attacks, ranking third and fourth respectively.
These targeting patterns reflect attackers' strategic focus on critical infrastructure, services that support other businesses, and industries with high financial sensitivity to service interruptions and latency.
Geographically, the threat landscape saw significant shifts. While China, Germany, Brazil, and the United States remained consistently targeted, Hong Kong jumped twelve places to become the second most attacked location. The United Kingdom experienced an even more dramatic rise, surging 36 places to become the sixth most-attacked location globally.
The Source of Attacks
Bangladesh dethroned Indonesia as the largest source of DDoS attacks in Q4 2025, with Ecuador jumping to second place. Argentina made a remarkable ascent, rising twenty places to become the fourth-largest attack source.
Analysis of source networks reveals that attackers predominantly leverage cloud computing platforms and infrastructure providers, including DigitalOcean, Microsoft, Tencent, Oracle, and Hetzner. This demonstrates the strong connection between easily-provisioned virtual machines and high-volume attacks.
Traditional telecommunications providers from the Asia-Pacific region also contribute significantly to attack traffic, confirming a two-pronged reality where attacks originate from both global cloud hubs and distributed telecommunications networks worldwide.
Implications for Cybersecurity
The exponential growth in DDoS attacks presents significant challenges for organizations relying on legacy protection solutions. On-premise mitigation appliances and on-demand scrubbing centers increasingly struggle to keep pace with attack sophistication and scale.
Modern threats require cloud-based, always-on DDoS protection with massive capacity distributed globally. Automated systems capable of detecting and mitigating attacks within seconds—not minutes or hours—are now essential rather than optional.
Organizations must also recognize that DDoS attacks are no longer isolated incidents but sustained campaigns that can last days or weeks. The 18-day campaign in Q1 2025 that generated 13.5 million network-layer attacks demonstrates the persistence and resources available to modern threat actors.
Looking Forward
As we move into 2026, the trajectory is clear: DDoS attacks will continue growing in frequency, sophistication, and scale. The barriers to launching massive attacks continue falling as botnets expand and attack tools become more accessible.
The emergence of massive IoT botnets composed of infected consumer devices like Android TVs represents a paradigm shift. These devices often lack basic security protections and can be compromised at scale, creating attack infrastructure capable of overwhelming even well-defended targets.
Defending against this evolving threat requires a fundamental shift in approach. Organizations need globally distributed, cloud-based protection with autonomous detection and mitigation capabilities. Manual intervention simply cannot respond quickly enough to modern attacks that ramp up in seconds and may last only minutes.
The record-breaking attacks of 2025 serve as a stark warning: the DDoS threat is accelerating, and organizations must evolve their defenses accordingly or risk becoming the next victim of these increasingly powerful cyber assaults.
Source: 2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults - Cloudflare Blog