Cloudflare launched their 2025 Q2 DDoS Menace Report, which names the highest ten sources of DDoS assaults and cites companies concentrating on rivals as the biggest supply of DDoS assaults, in keeping with surveyed respondents who had recognized their attackers.
Survey: Who Attacked You?
Cloudflare surveyed prospects about DDoS assaults, and 29% claimed to have recognized the sources of these assaults. Of those that recognized the attackers, 63% pointed to rivals, the biggest of whom had been companies within the crypto, playing, and gaming industries. 21% of the respondents who recognized their attackers stated they had been victims of state‑sponsored assaults, and 5% stated that they had by accident attacked themselves, one thing that may occur with server misconfigurations
That is how Cloudflare defined it:
“When requested who was behind the DDoS assaults they skilled in 2025 Q2, the bulk (71%) of respondents stated they didn’t know who attacked them. Of the remaining 29% of respondents that claimed to have recognized the risk actor, 63% pointed to rivals, a sample particularly widespread within the Gaming, Playing and Crypto industries. One other 21% attributed the assault to state-level or state-sponsored actors, whereas 5% every stated they’d inadvertently attacked themselves (self-DDoS), had been focused by extortionists, or suffered an assault from disgruntled prospects/customers.”
Most Attacked Areas
One would assume that the USA could be probably the most attacked location, given what number of companies and web sites are positioned there. However probably the most attacked location was China, which climbed from place three to place one. Brazil additionally climbed 4 positions to second place. Turkey dropped 4 positions to land in sixth place, and Hong Kong dropped to seventh place. Vietnam, nevertheless, jumped fifteen locations to land in eighth place.
High Ten Most DDoS-Attacked Nations
- China
- Germany
- India
- South Korea
- Turkey
- Hong Kong
- Vietnam
- Russia
- Azerbaijan
High Attacked Industries
Telecommunications was probably the most attacked trade, adopted by Web and Info Know-how Companies. Gaming and Playing had been the third and fourth most attacked industries, adopted by Banking/Monetary and Retail industries.
- Telecommunications
- Web
- Info Know-how and Companies
- Gaming
- Playing and Casinos
- Banking and monetary Companies
- Retail
- Agriculture
- Laptop Software program
- Authorities
High Nation-Stage Sources Of DDOS Assaults
Cloudflare’s knowledge reveals that Ukraine is the fifth‑largest supply of DDoS assaults, however doesn’t say which areas of Ukraine are accountable. Once I take a look at my logs of bot assaults, the Ukrainian‑origin bots are persistently in Russian‑occupied territories. Cloudflare ought to have made a distinction about this level, in my view.
The nation of origin doesn’t imply that one nation is shiftier than one other. For instance, the Netherlands rank because the ninth‑largest supply of DDoS assaults, and which may be the case as a result of they’ve robust person privateness legal guidelines that defend VPN customers and are nicely positioned for low latency to each Europe and North America.
Cloudflare additionally present the next word about country-level origins:
“It’s essential to notice that these “supply” rankings replicate the place botnet nodes, proxy or VPN endpoints reside — not the precise location of risk actors. For L3/4 DDoS assaults, the place IP spoofing is rampant, we geolocate every packet to the Cloudflare knowledge heart that first ingested and blocked it, drawing on our presence in over 330 cities for really granular accuracy.”
High Ten Nation Origins Of DDOS Assaults
- Indonesia
- Singapore
- Hong Kong
- Argentina
- Ukraine
- Russia
- Ecuador
- Vietnam
- Netherlands
- Thailand
High ASN Sources Of DDOS Assaults
An ASN (Autonomous System Quantity) is a novel quantity assigned to networks or teams of networks that share the identical guidelines for routing web visitors. SEOs and publishers who observe the origin of unhealthy visitors and use .htaccess to dam thousands and thousands of IP ranges will acknowledge numerous the networks on this record. Hetzner, OVH, Tencent, Microsoft, the Google Cloud Platform, and Alibaba are all common suspects.
Based on Cloudflare, Hetzner dropped from first place because the origin of DDoS assaults to 3rd place. DigitalOcean was previously the primary supply of DDoS assaults and was pushed right down to place two by Drei‑Ok‑Tech‑GmbH, which jumped six locations to turn out to be the main supply of DDoS assaults.
High Ten Community Sources Of DDOS Assaults
- Drei-Ok-Tech-GmbH
- DigitalOcean
- Hetzner
- Microsoft
- Viettel
- Tencent
- OVH
- Chinanet
- Google Cloud Platform
- Alibaba
DDOS Assaults Might Be Higher Mitigated
Cloudflare famous that it has a program that permits cloud computing suppliers to quickly reply to unhealthy actors abusing its networks. It’s not simply DDoS assaults that originate at cloud and hosting suppliers; it’s additionally bots scanning for vulnerabilities and actively making an attempt to hack web sites. If extra suppliers joined Cloudflare, there may very well be fewer DDoS assaults, and the net could be loads safer place.
That is how Cloudflare explains it:
“To assist internet hosting suppliers, cloud computing suppliers and any Web service suppliers determine and take down the abusive accounts that launch these assaults, we leverage Cloudflare’s distinctive vantage level to offer a free DDoS Botnet Menace Feed for Service Suppliers. Over 600 organizations worldwide have already signed up for this feed, and we’ve already seen nice collaboration throughout the neighborhood to take down botnet nodes.”
Learn the Cloudflare report:
Hyper-volumetric DDoS assaults skyrocket: Cloudflare’s 2025 Q2 DDoS risk report
