2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults
Summary
The 2025 Q4 DDoS threat report by Cloudflare reveals a significant escalation in DDoS attacks, with a record-setting attack of 31.4 Tbps marking a year of unprecedented assaults. The report highlights the surge in DDoS incidents, particularly network-layer attacks, which tripled compared to the previous year. The Aisuru-Kimwolf botnet, responsible for hyper-volumetric attacks, exemplifies the evolving threat landscape, targeting critical infrastructure and demonstrating the need for robust DDoS mitigation strategies. The report also discusses the geographical distribution of attacks and the industries most affected, emphasizing the importance of adaptive defense mechanisms in the face of growing sophistication in DDoS tactics.
Key Learnings
1. DDoS attacks surged by 121% in 2025, necessitating enhanced defensive measures.
2. The Aisuru-Kimwolf botnet exemplifies the threat posed by malware-infected devices in launching large-scale attacks.
3. Network-layer DDoS attacks accounted for 78% of all attacks in Q4 2025, highlighting a shift in attack strategies.
4. Cloudflare's autonomous DDoS mitigation systems were effective in detecting and mitigating attacks in real-time.
5. The report underscores the need for organizations to reevaluate their DDoS defense strategies to cope with evolving threats.
Who Should Read This
Senior Security Engineers analyzing DDoS attack trends and enhancing mitigation strategies for critical infrastructure.
Test Your Knowledge
What are the implications of the 121% increase in DDoS attacks for enterprise security strategies?
How does the Aisuru-Kimwolf botnet's architecture contribute to its effectiveness in launching attacks?
What design decisions can organizations make to enhance their resilience against network-layer DDoS attacks?
In what scenarios might traditional DDoS mitigation strategies fail, and how can organizations prepare for these failures?
Why is it critical for organizations to adopt autonomous DDoS mitigation systems in the current threat landscape?