Cloudflare released its 2025 Q2 DDoS Threat Report, which names the top ten sources of DDoS attacks and cites businesses targeting competitors as the largest source of DDoS attacks, according to surveyed respondents who had identified their attackers.
Survey: Who Attacked You?
Cloudflare surveyed customers about DDoS attacks, and 29% claimed to have identified the sources of those attacks. Of those who identified the attackers, 63% pointed to competitors, the largest of whom were businesses in the crypto, gambling, and gaming industries. 21% of the respondents who identified their attackers said they were victims of state-sponsored attacks, and 5% said that they had accidentally attacked themselves, something that can happen with server misconfigurations.
This is how Cloudflare explained it:
“When asked who was behind the DDoS attacks they experienced in 2025 Q2, the majority (71%) of respondents said they didn’t know who attacked them. Of the remaining 29% of respondents that claimed to have identified the threat actor, 63% pointed to competitors, a pattern especially common in the Gaming, Gambling and Crypto industries. Another 21% attributed the attack to state-level or state-sponsored actors, while 5% each said they’d inadvertently attacked themselves (self-DDoS), were targeted by extortionists, or suffered an attack from disgruntled customers/users.”
Most Attacked Locations
One would think that the United States would be the most attacked location, given how many businesses and websites are located there. But the most attacked location was China, which climbed from position three to position one. Brazil also climbed four positions to second place. Turkey dropped four positions to land in sixth place, and Hong Kong dropped to seventh place. Vietnam, however, jumped fifteen places to land in eighth place.
Top Ten Most DDoS-Attacked Countries
- China
- Brazil
- Germany
- India
- South Korea
- Turkey
- Hong Kong
- Vietnam
- Russia
- Azerbaijan
Top Attacked Industries
Telecommunications was the most attacked industry, followed by Internet and Information Technology Services. Gaming and Gambling were the third and fourth most attacked industries, followed by Banking/Financial and Retail industries.
- Telecommunications
- Internet
- Information Technology and Services
- Gaming
- Gambling and Casinos
- Banking and Financial Services
- Retail
- Agriculture
- Computer Software
- Government
Top Country-Level Sources Of DDoS Attacks
Cloudflare’s data shows that Ukraine is the fifth-largest source of DDoS attacks, but doesn’t say which regions of Ukraine are responsible. When I look at my logs of bot attacks, the Ukrainian-origin bots are consistently in Russian-occupied territories. Cloudflare should have made a distinction about this point, in my opinion.
The country of origin doesn’t mean that one country is shadier than another. For example, the Netherlands ranks as the ninth-largest source of DDoS attacks, and that may be the case because it has strong user privacy laws that protect VPN users and is well positioned for low latency to both Europe and North America.
Cloudflare also provides the following note about country-level origins:
“It’s important to note that these “source” rankings reflect where botnet nodes, proxy or VPN endpoints reside — not the actual location of threat actors. For L3/4 DDoS attacks, where IP spoofing is rampant, we geolocate each packet to the Cloudflare data center that first ingested and blocked it, drawing on our presence in over 330 cities for truly granular accuracy.”
Top Ten Country Origins Of DDoS Attacks
- Indonesia
- Singapore
- Hong Kong
- Argentina
- Ukraine
- Russia
- Ecuador
- Vietnam
- Netherlands
- Thailand
Top ASN Sources Of DDoS Attacks
An ASN (Autonomous System Number) is a unique number assigned to networks or groups of networks that share the same rules for routing internet traffic. SEOs and publishers who track the origin of bad traffic and use .htaccess to block millions of IP ranges will recognize a number of the networks on this list. Hetzner, OVH, Tencent, Microsoft, the Google Cloud Platform, and Alibaba are all usual suspects.
According to Cloudflare, Hetzner dropped from first place as the origin of DDoS attacks to third place. DigitalOcean was formerly the number one source of DDoS attacks and was pushed down to position two by Drei-K-Tech-GmbH, which jumped six places to become the leading source of DDoS attacks.
Top Ten Network Sources Of DDoS Attacks
- Drei-K-Tech-GmbH
- DigitalOcean
- Hetzner
- Microsoft
- Viettel
- Tencent
- OVH
- Chinanet
- Google Cloud Platform
- Alibaba
DDoS Attacks Could Be Better Mitigated
Cloudflare noted that it has a program that allows cloud computing providers to rapidly respond to bad actors abusing their networks. It’s not just DDoS attacks that originate at cloud and web hosting providers; it’s also bots scanning for vulnerabilities and actively trying to hack websites. If more providers joined Cloudflare’s program, there could be fewer DDoS attacks, and the web would be a much safer place.
This is how Cloudflare explains it:
“To help hosting providers, cloud computing providers and any Internet service providers identify and take down the abusive accounts that launch these attacks, we leverage Cloudflare’s unique vantage point to provide a free DDoS Botnet Threat Feed for Service Providers. Over 600 organizations worldwide have already signed up for this feed, and we’ve already seen great collaboration across the community to take down botnet nodes.”
Read the Cloudflare report:
Hyper-volumetric DDoS attacks skyrocket: Cloudflare’s 2025 Q2 DDoS threat report