Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets
Summary
Cloudflare's 2025 Q3 DDoS threat report reveals a significant escalation in DDoS attacks, particularly driven by the Aisuru botnet, which has been responsible for unprecedented hyper-volumetric attacks. The report highlights a 54% increase in such attacks compared to the previous quarter, with Aisuru's capabilities allowing it to disrupt major sectors including telecommunications and financial services. The report also notes a surge in DDoS attacks against AI companies, reflecting broader concerns about AI regulation and security. The findings underscore the evolving threat landscape and the necessity for robust DDoS mitigation strategies in the face of increasingly sophisticated attacks.
Key Learnings
- The Aisuru botnet has demonstrated the ability to execute DDoS attacks exceeding 29.7 Tbps, highlighting the need for advanced mitigation strategies.
- DDoS attacks against AI companies surged by 347% in September 2025, indicating a correlation between public sentiment on AI and cyber threats.
- Network-layer DDoS attacks accounted for 71% of total attacks, emphasizing the importance of focusing on this layer for effective defense.
- The report illustrates that short-lived DDoS attacks can cause significant disruption, necessitating rapid response mechanisms.
- Geopolitical events have a direct impact on DDoS attack trends, as seen with increased attacks during protests and trade tensions.
Who Should Read This
Senior Security Engineers analyzing DDoS attack trends and developing advanced mitigation strategies.
Test Your Knowledge
What are the implications of the Aisuru botnet's capabilities on the current DDoS mitigation strategies employed by organizations?
How do geopolitical events influence the frequency and targets of DDoS attacks as observed in the report?
What design decisions should organizations consider when implementing DDoS protection in light of the evolving threat landscape?
In what scenarios might traditional DDoS mitigation solutions fail against hyper-volumetric attacks like those from Aisuru?
What trade-offs exist between automated DDoS mitigation and manual intervention in response to complex attack patterns?