Cloudflare has released its latest DDoS threat report, which revealed a mixed but worrying picture for Q2 2025. According to the report, the overall attack volume cooled off quarter-over-quarter, the intensity and scale of attacks continued to escalate, with the company recording its largest attack ever, peaking at 7.3 Tbps and 4.8 billion packets per second.
In Q2, Cloudflare blocked 7.3 million DDoS attacks, which is a sharp drop from the 20.5 million it mitigated in Q1. However, the YoY comparison tells a different story, as the attack volume was still 44% higher than in Q2 2024. It indicates that there’s a long-term rise in threat activity despite short-term fluctuations.
The report highlights a clear shift toward more complex application-layer attacks. While traditional network-layer DDoS activity dropped 81% quarter-over-quarter, HTTP-based attacks increased. Cloudflare mitigated 4.1 million HTTP DDoS incidents, which is a 9% increase from Q1 and a 129% spike YoY. This indicates a growing preference among attackers to disrupt services at the application layer, where attacks are harder to detect and stop.
Apart from that, the report reveals that China reclaimed its top spot as the most targeted country for DDoS attacks, overtaking previous leaders. Brazil and Germany followed in second and third place. Besides, Russia and Vietnam saw dramatic jumps, jumping forty and fifteen spots, respectively, into the top 10 most attacked locations globally.
On the other side of the map, Indonesia emerged as the leading source of DDoS attacks, followed by Singapore and Hong Kong. Russia and Ecuador also surged into the top 10 sources of origin, underlining the growing geographical spread of botnets and malicious traffic.
The most targeted sectors in Q2 were Telecommunications, Service Providers, and Carriers, which remain under constant pressure. Internet and IT companies followed closely behind. Interestingly, Agriculture jumped 38 places to land in the eighth spot, suggesting that critical infrastructure in traditionally low-risk industries is increasingly being targeted.
However, that’s not all, recently the company has rolled out its Log Explorer, which is a tool that helps businesses analyze security logs directly within the Cloudflare dashboard without the need for third-party systems. The tool is said to help teams act faster by removing the need to send logs to external platforms like traditional SIEMs.
Want more updates like this? Join us on WhatsApp and get the latest stories sent straight to your phone.
