20.5 Million DDoS Barrage Shattered Records Leading Attack Fired Off 4.8 Billion Packets

Cloudflare’s latest DDoS Threat Report for the first quarter of 2025 reveals that the company mitigated a record-shattering 20.5 million Distributed Denial of Service (DDoS) attacks, marking a 358% surge year-over-year and a 198% increase quarter-over-quarter compared to the previous period.

This unprecedented volume, representing 96% of the total attacks blocked throughout the entire year of 2024, underscores the escalating sophistication and scale of cyber threats targeting global Internet infrastructure.

Cloudflare, leveraging its autonomous defense mechanisms, successfully thwarted every assault, including a historic 18-day multi-vector campaign that saw 6.6 million attacks aimed directly at its own network infrastructure, alongside strikes on hosting and service providers protected by its Magic Transit service.

– Advertisement –

Cloudflare Blocks Unprecedented Wave of Cyber Onslaughts in Q1 2025

Among the most alarming developments, Cloudflare documented over 700 hyper-volumetric attacks in Q1, defined as exceeding 1 Tbps or 1 Bpps, averaging about eight such incidents daily.

Network-layer attacks, comprising 16.8 million of the total, spiked by 397% QoQ and 509% YoY, often exploiting protocols like UDP for maximum disruption.

HTTP-layer attacks also grew, reflecting a 7% QoQ and 118% YoY rise, targeting application vulnerabilities with botnets and suspicious request patterns.

Notably, emerging threats like CLDAP reflection/amplification attacks surged by 3,488% QoQ, exploiting connectionless UDP protocols to overwhelm targets with spoofed, amplified responses.

Record-Breaking 4.8 Bpps and 6.5 Tbps Attacks

According to the Report, The intensity of these offensives peaked in April 2025 during a late-breaking campaign, where Cloudflare mitigated the most devastating packet-rate attack ever recorded, peaking at 4.8 billion packets per second (Bpps)-a 52% leap over the prior record of 3.15 Bpps.

Simultaneously, a colossal 6.5 terabits-per-second (Tbps) UDP flood matched the largest bandwidth attack publicly disclosed to date.

Originating from 147 countries and targeting multiple IP addresses and ports of a hosting provider under Cloudflare’s protection, these assaults lasted brief yet brutal bursts of 35 to 45 seconds.

Such brevity, coupled with cascading network failures that can persist for days, highlights the critical need for always-on, automated mitigation systems, as manual responses fall short against these rapid-fire threats.

Geographically, Germany emerged as the most targeted location, with Turkey and China following, while industries like Gambling & Casinos topped the list of attacked sectors, alongside Telecommunications and Gaming.

Threat actors ranged from competitors (39%) to state-sponsored entities (17%), with attack sources tracing back to major ASNs like Hetzner and OVH, often exploiting cloud infrastructure.

Despite the scale, 99% of network-layer attacks remained under 1 Gbps, and 89% lasted less than 10 minutes, yet their potential to cripple unprotected systems remains severe.

Cloudflare’s response, including initiatives like the free DDoS Botnet Threat Feed for service providers, aims to curb these abuses by pinpointing offending IPs within ASNs.

As cyber threats evolve, the 2025 Q1 data signals an urgent call for robust, proactive defenses to safeguard the digital ecosystem against increasingly ferocious DDoS campaigns.