Cloudflare launched their 2025 Q2 DDoS Risk Report, which names the highest ten sources of DDoS assaults and cites companies concentrating on rivals as the most important supply of DDoS assaults, in keeping with surveyed respondents who had recognized their attackers.
Survey: Who Attacked You?
Cloudflare surveyed clients about DDoS assaults, and 29% claimed to have recognized the sources of these assaults. Of those that recognized the attackers, 63% pointed to rivals, the most important of whom have been companies within the crypto, playing, and gaming industries. 21% of the respondents who recognized their attackers mentioned they have been victims of state‑sponsored assaults, and 5% mentioned they’d unintentionally attacked themselves, one thing that may occur with server misconfigurations
That is how Cloudflare defined it:
“When requested who was behind the DDoS assaults they skilled in 2025 Q2, the bulk (71%) of respondents mentioned they didn’t know who attacked them. Of the remaining 29% of respondents that claimed to have recognized the risk actor, 63% pointed to rivals, a sample particularly widespread within the Gaming, Playing and Crypto industries. One other 21% attributed the assault to state-level or state-sponsored actors, whereas 5% every mentioned they’d inadvertently attacked themselves (self-DDoS), have been focused by extortionists, or suffered an assault from disgruntled clients/customers.”
Most Attacked Areas
One would assume that the USA could be essentially the most attacked location, given what number of companies and web sites are situated there. However essentially the most attacked location was China, which climbed from place three to place one. Brazil additionally climbed 4 positions to second place. Turkey dropped 4 positions to land in sixth place, and Hong Kong dropped to seventh place. Vietnam, nevertheless, jumped fifteen locations to land in eighth place.
High Ten Most DDoS-Attacked Nations
- China
- Brazil
- Germany
- India
- South Korea
- Turkey
- Hong Kong
- Vietnam
- Russia
- Azerbaijan
High Attacked Industries
Telecommunications was essentially the most attacked trade, adopted by Web and Info Know-how Providers. Gaming and Playing have been the third and fourth most attacked industries, adopted by Banking/Monetary and Retail industries.
- Telecommunications
- Web
- Info Know-how and Providers
- Gaming
- Playing and Casinos
- Banking and monetary Providers
- Retail
- Agriculture
- Pc Software program
- Authorities
High Nation-Stage Sources Of DDOS Assaults
Cloudflare’s knowledge exhibits that Ukraine is the fifth‑largest supply of DDoS assaults, however doesn’t say which areas of Ukraine are accountable. After I take a look at my logs of bot assaults, the Ukrainian‑origin bots are persistently in Russian‑occupied territories. Cloudflare ought to have made a distinction about this level, in my view.
The nation of origin doesn’t imply that one nation is shiftier than one other. For instance, the Netherlands rank because the ninth‑largest supply of DDoS assaults, and which may be the case as a result of they’ve robust person privateness legal guidelines that shield VPN customers and are nicely positioned for low latency to each Europe and North America.
Cloudflare additionally present the next be aware about country-level origins:
“It’s essential to notice that these “supply” rankings replicate the place botnet nodes, proxy or VPN endpoints reside — not the precise location of risk actors. For L3/4 DDoS assaults, the place IP spoofing is rampant, we geolocate every packet to the Cloudflare knowledge heart that first ingested and blocked it, drawing on our presence in over 330 cities for really granular accuracy.”
High Ten Nation Origins Of DDOS Assaults
- Indonesia
- Singapore
- Hong Kong
- Argentina
- Ukraine
- Russia
- Ecuador
- Vietnam
- Netherlands
- Thailand
High ASN Sources Of DDOS Assaults
An ASN (Autonomous System Quantity) is a singular quantity assigned to networks or teams of networks that share the identical guidelines for routing web visitors. SEOs and publishers who observe the origin of dangerous visitors and use .htaccess to dam tens of millions of IP ranges will acknowledge various the networks on this checklist. Hetzner, OVH, Tencent, Microsoft, the Google Cloud Platform, and Alibaba are all normal suspects.
In response to Cloudflare, Hetzner dropped from first place because the origin of DDoS assaults to 3rd place. DigitalOcean was previously the primary supply of DDoS assaults and was pushed right down to place two by Drei‑Okay‑Tech‑GmbH, which jumped six locations to develop into the main supply of DDoS assaults.
High Ten Community Sources Of DDOS Assaults
- Drei-Okay-Tech-GmbH
- DigitalOcean
- Hetzner
- Microsoft
- Viettel
- Tencent
- OVH
- Chinanet
- Google Cloud Platform
- Alibaba
DDOS Assaults May Be Higher Mitigated
Cloudflare famous that it has a program that enables cloud computing suppliers to quickly reply to dangerous actors abusing its networks. It’s not simply DDoS assaults that originate at cloud and website hosting suppliers; it’s additionally bots scanning for vulnerabilities and actively making an attempt to hack web sites. If extra suppliers joined Cloudflare, there may very well be fewer DDoS assaults, and the online could be so much safer place.
That is how Cloudflare explains it:
“To assist internet hosting suppliers, cloud computing suppliers and any Web service suppliers determine and take down the abusive accounts that launch these assaults, we leverage Cloudflare’s distinctive vantage level to offer a free DDoS Botnet Risk Feed for Service Suppliers. Over 600 organizations worldwide have already signed up for this feed, and we’ve already seen nice collaboration throughout the group to take down botnet nodes.”
Learn the Cloudflare report:
Hyper-volumetric DDoS assaults skyrocket: Cloudflare’s 2025 Q2 DDoS risk report
