Cloudflare mitigated 8.3 million Distributed Denial-of-Service (DDoS) attacks in the third quarter (Q3) of 2025, the company reported in its latest DDoS Threat Report.
This quarterly total marks a 15% increase Quarter-over-Quarter (QoQ) and a 40% Year-over-Year (YoY) rise, reflecting the growing scale and frequency of attacks. Year-to-Date (YTD) through Q3, Cloudflare had blocked 36.2 million attacks, already 170% of the total mitigated across 2024.
The Q3 data also showed a shift in attack composition: 71% of incidents targeted the network layer, while 29% hit the HTTP layer. Network-layer attacks were increasingly UDP-based, growing 231% QoQ.
Hyper-Volumetric Attacks and Botnet Trends
Aisuru, the botnet previously known for a record 29.7 terabit-per-second (Tbps) attack reported in October, continued to dominate Q3 activity.
Cloudflare said 1,304 hyper-volumetric attacks were launched by Aisuru during the quarter, contributing to a YTD total of 2,867 attacks.
These campaigns leveraged millions of compromised devices and large-scale distributed networks, a sign that botnets remain a central driver of today’s most disruptive DDoS incidents.
Cloudflare also noted that 71% of HTTP attacks and 89% of network-layer attacks ended within 10 minutes, leaving operators with very little time to respond and causing extended operational recovery challenges.
Industries and Regions Under Pressure
Geopolitical and sector-specific targeting shaped the Q3 landscape. According to the report, automotive organizations jumped 62 places to become the sixth most attacked sector, while Mining, Minerals & Metals firms rose 24 spots to 49th.
Country-level spikes were equally pronounced: the Maldives climbed 125 places to 38th, France rose 65 places to 18th, and Belgium moved 63 places to 74th. Overall, China, Turkey, and Germany remained the most attacked countries, while the US rose 11 places to fifth.
Cloudflare concluded that current attack volumes and sophistication routinely exceed the capacity of legacy on-premise appliances and on-demand scrubbing services, emphasizing the need for organizations to review and strengthen their DDoS mitigation strategies.
