Cloudflare launched their 2025 Q2 DDoS Risk Report, which names the highest ten sources of DDoS assaults and cites companies focusing on opponents as the most important supply of DDoS assaults, in accordance with surveyed respondents who had recognized their attackers.
Survey: Who Attacked You?
Cloudflare surveyed clients about DDoS assaults, and 29% claimed to have recognized the sources of these assaults. Of those that recognized the attackers, 63% pointed to opponents, the most important of whom had been companies within the crypto, playing, and gaming industries. 21% of the respondents who recognized their attackers stated they had been victims of state‑sponsored assaults, and 5% stated that they had unintentionally attacked themselves, one thing that may occur with server misconfigurations
That is how Cloudflare defined it:
“When requested who was behind the DDoS assaults they skilled in 2025 Q2, the bulk (71%) of respondents stated they didn’t know who attacked them. Of the remaining 29% of respondents that claimed to have recognized the menace actor, 63% pointed to opponents, a sample particularly frequent within the Gaming, Playing and Crypto industries. One other 21% attributed the assault to state-level or state-sponsored actors, whereas 5% every stated they’d inadvertently attacked themselves (self-DDoS), had been focused by extortionists, or suffered an assault from disgruntled clients/customers.”
Most Attacked Areas
One would suppose that the USA can be essentially the most attacked location, given what number of companies and web sites are situated there. However essentially the most attacked location was China, which climbed from place three to place one. Brazil additionally climbed 4 positions to second place. Turkey dropped 4 positions to land in sixth place, and Hong Kong dropped to seventh place. Vietnam, nevertheless, jumped fifteen locations to land in eighth place.
High Ten Most DDoS-Attacked International locations
- China
- Germany
- India
- South Korea
- Turkey
- Hong Kong
- Vietnam
- Russia
- Azerbaijan
High Attacked Industries
Telecommunications was essentially the most attacked trade, adopted by Web and Data Know-how Companies. Gaming and Playing had been the third and fourth most attacked industries, adopted by Banking/Monetary and Retail industries.
- Telecommunications
- Web
- Data Know-how and Companies
- Gaming
- Playing and Casinos
- Banking and monetary Companies
- Retail
- Agriculture
- Laptop Software program
- Authorities
High Nation-Stage Sources Of DDOS Assaults
Cloudflare’s knowledge exhibits that Ukraine is the fifth‑largest supply of DDoS assaults, however doesn’t say which areas of Ukraine are accountable. Once I take a look at my logs of bot assaults, the Ukrainian‑origin bots are persistently in Russian‑occupied territories. Cloudflare ought to have made a distinction about this level, in my view.
The nation of origin doesn’t imply that one nation is shiftier than one other. For instance, the Netherlands rank because the ninth‑largest supply of DDoS assaults, and which may be the case as a result of they’ve robust person privateness legal guidelines that shield VPN customers and are properly positioned for low latency to each Europe and North America.
Cloudflare additionally present the next word about country-level origins:
“It’s essential to notice that these “supply” rankings replicate the place botnet nodes, proxy or VPN endpoints reside — not the precise location of menace actors. For L3/4 DDoS assaults, the place IP spoofing is rampant, we geolocate every packet to the Cloudflare knowledge heart that first ingested and blocked it, drawing on our presence in over 330 cities for really granular accuracy.”
High Ten Nation Origins Of DDOS Assaults
- Indonesia
- Singapore
- Hong Kong
- Argentina
- Ukraine
- Russia
- Ecuador
- Vietnam
- Netherlands
- Thailand
High ASN Sources Of DDOS Assaults
An ASN (Autonomous System Quantity) is a singular quantity assigned to networks or teams of networks that share the identical guidelines for routing web visitors. SEOs and publishers who monitor the origin of dangerous visitors and use .htaccess to dam thousands and thousands of IP ranges will acknowledge various the networks on this checklist. Hetzner, OVH, Tencent, Microsoft, the Google Cloud Platform, and Alibaba are all standard suspects.
In response to Cloudflare, Hetzner dropped from first place because the origin of DDoS assaults to 3rd place. DigitalOcean was previously the primary supply of DDoS assaults and was pushed right down to place two by Drei‑Okay‑Tech‑GmbH, which jumped six locations to change into the main supply of DDoS assaults.
High Ten Community Sources Of DDOS Assaults
- Drei-Okay-Tech-GmbH
- DigitalOcean
- Hetzner
- Microsoft
- Viettel
- Tencent
- OVH
- Chinanet
- Google Cloud Platform
- Alibaba
DDOS Assaults Might Be Higher Mitigated
Cloudflare famous that it has a program that enables cloud computing suppliers to quickly reply to dangerous actors abusing its networks. It’s not simply DDoS assaults that originate at cloud and webhosting suppliers; it’s additionally bots scanning for vulnerabilities and actively making an attempt to hack web sites. If extra suppliers joined Cloudflare, there could possibly be fewer DDoS assaults, and the net can be lots safer place.
That is how Cloudflare explains it:
“To assist internet hosting suppliers, cloud computing suppliers and any Web service suppliers establish and take down the abusive accounts that launch these assaults, we leverage Cloudflare’s distinctive vantage level to offer a free DDoS Botnet Risk Feed for Service Suppliers. Over 600 organizations worldwide have already signed up for this feed, and we’ve already seen nice collaboration throughout the neighborhood to take down botnet nodes.”
Learn the Cloudflare report:
Hyper-volumetric DDoS assaults skyrocket: Cloudflare’s 2025 Q2 DDoS menace report
