Cloudflare Sees Record Spike in DDoS Attacks in Q1 2025
Home » Emerging technologies » Cyber Security » Cloudflare Sees Record Spike in DDoS Attacks in Q1 2025
Cloudflare, Inc., the security, performance, and reliability company, has released its Q1 2025 DDoS report. The report highlights trends and insights from one of the world's largest global networks. The findings point to a sharp rise in DDoS attacks across industries and regions.
In just the first quarter of 2025, Cloudflare mitigated 20.5 million DDoS attacks. This figure nearly matches the total for all of 2024, which stood at 21.3 million. The company's autonomous systems blocked 96% of the previous year's total volume in just three months.
Network-layer attacks surged the most. Cloudflare mitigated 16.8 million such attacks in Q1 2025. That's a 397% increase quarter-over-quarter and a 509% increase year-over-year. HTTP DDoS attacks rose by 7% QoQ and 118% YoY.
Hyper-volumetric attacks have become more frequent. Cloudflare blocked over 700 attacks exceeding 1 Tbps or 1 billion packets per second (Bpps). On average, it faced eight of these per day. Most were UDP-based and classified as network-layer DDoS.
Key observations: About 4 in 100,000 network-layer attacks were hyper-volumetric.
6 in 100 HTTP DDoS attacks exceeded 1 million requests per second (rps).
99% of L3/4 attacks remained under 1 Gbps and 1M pps.
94% of HTTP DDoS attacks were below 1M rps.
Most attacks were short. 89% of network-layer and 75% of HTTP DDoS attacks ended within 10 minutes. Some of the largest attacks lasted just a minute, leaving little time for human response.
Cloudflare identified Germany as the top target in Q1. The country jumped four spots to take first place. Turkey surged 11 positions to second. China dropped to third. Meanwhile, Hong Kong became the top source of DDoS attacks, followed by Indonesia and Argentina.
New attack vectors also gained traction. CLDAP reflection attacks saw a 3,488% QoQ increase. CLDAP, a UDP-based variant of LDAP, enables IP spoofing and is being abused for amplification. ESP reflection attacks rose by 2,301% QoQ. ESP, part of the IPsec protocol, can be exploited if misconfigured systems are targeted.
Industries affected the most in Q1 include: Gambling & Casinos (top target, up 4 spots)
Telecommunications (second place)
Information Technology & Services
Internet
Gaming
The Airlines, Aviation & Aerospace sector had the largest leap, moving up 40 positions to enter the top 10.
The top five source countries for DDoS attacks were: Hong Kong Indonesia Argentina Singapore Ukraine
Bashar Bashaireh, AVP Middle East, Türkiye & North Africa at Cloudflare, stated, 'Many organizations still adopt DDoS protection only after an incident or rely on outdated solutions. Our data shows that proactive, always-on strategies are more effective. That's why we focus on automation and in-line protection, powered by our 348 Tbps global network.'
Cloudflare's findings underline a shift in the cyber threat landscape. The scale, speed, and volume of DDoS attacks continue to increase. Businesses are urged to adopt real-time, automated protection to remain resilient.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Channel Post MEA
3 days ago
- Channel Post MEA
Help AG Deepens Partnership With F5
Help AG, the cybersecurity arm of e& enterprise, has inked a strategic partnership agreement to be the first Managed Services Provider (MSP) partner for F5 in the Middle East region. Building on a long-standing partnership with F5, Help AG has launched its next-generation Managed App and API Protection Service based on the F5 Distributed Cloud Platform. This is an always-on, cloud-delivered managed service for the AI era, designed to secure modern digital infrastructure across public, private, edge, and hybrid cloud environments. Today's threat landscape is more complex, with malicious actors being able to access a broader attack surface as enterprises rapidly shift towards API-driven architectures, edge computing, and cloud-native applications. From automated bot attacks and API abuse to sophisticated Distributed Denial of Service (DDoS) attempts, the pressure on security teams has never been greater. The problem is exacerbated by the fact that many enterprises lack the knowledge and tools to protect themselves against these types of attacks Help AG's Managed App and Application Protection service directly addresses these evolving challenges by providing multi-layered protection as a managed, Software-as-a-Service (SaaS) offering. Backed by F5's globally recognised F5 Distributed Cloud Services and operated 24×7 by Help AG's expert SOC team, the new service enables clients to simplify operations, ensure compliance, and respond to threats in real time. Leveraging Help AG's local expertise and managed service leadership, businesses can now deploy resilient, compliant, and cost-efficient application protection. Stephan Berner, Chief Executive Officer of Help AG, said: 'This is a strategic leap forward for enterprise security. Our collaboration with F5 reflects our shared vision of securing every application, API, and digital interaction, at scale. With this new service, we are providing regional organisations with enterprise-grade security that is proactive, cost-effective, and built for the cloud-first era.' The solution provides unified protection that includes Web Application Firewall (WAF), advanced bot mitigation, API discovery and security, plus DDoS defence; all accessible through a centralised SaaS-based management console that ensures full visibility and control. Clients benefit from flexible deployment models across regional and customer edge locations, hybrid setups, and full support and continuous tuning by Help AG's expert teams. Mustapha Hlil, Director of Channel Sales for the Middle East, Türkiye and Africa at F5, commented: 'As cyber threats become more sophisticated and widespread, the need for always-on, adaptable security has become mission-critical. Help AG's security expertise, managed services leadership and state-of-the-art SOC with 24×7 support – combined with the F5 Distributed Cloud platform – provides a powerful solution for customers navigating complex digital transformation journeys. It will also significantly help enterprises lacking the expertise to deploy and manage security solutions.' The launch marks a new chapter in the Help AG and F5 partnership, further strengthening their joint commitment to securing the region's digital future and helping organisations build trust in every digital interaction. 0 0
Arabian Post
5 days ago
- Arabian Post
LightEdge Fortifies Hybrid Cloud Security with $1.2M Corero Upgrade
LightEdge, a provider of hybrid hosting solutions, has expanded its collaboration with Corero Network Security through a $1.2 million agreement aimed at enhancing its defence against distributed denial-of-service attacks. This strategic move involves the deployment of Corero's SmartWall ONE platform across LightEdge's global data centre network, replacing an existing competitor's solution. The expanded partnership underscores LightEdge's commitment to bolstering its cybersecurity framework, particularly as organisations increasingly adopt hybrid and private cloud environments. The integration of Corero's technology is designed to provide real-time, adaptive DDoS mitigation with sub-second response times, ensuring minimal disruption to services. Carl Herberger, CEO of Corero Network Security, highlighted the significance of the collaboration, stating, 'LightEdge is helping businesses thrive in the hybrid cloud era—where performance, compliance, and uptime are non-negotiable. We're proud to deepen our partnership, delivering protection that's as scalable and dynamic as the threats it defends against.' ADVERTISEMENT Michael Hannan, CIO & CSO at LightEdge, emphasised the importance of the upgrade, noting, 'Unifying and streamlining our security strategy makes sense for our hybrid cloud business, enabling us to adapt to our truly hybrid and highly-compliant client environments. Expanding with Corero was the clear choice to continue a relationship that has consistently delivered for us over the years.' The deployment of SmartWall ONE is expected to enhance LightEdge's ability to protect its infrastructure from sophisticated DDoS attacks, which have become increasingly prevalent in the digital landscape. The platform's capability to operate inline, at the edge, or within hybrid cloud configurations offers flexibility and scalability, aligning with LightEdge's diverse service offerings. This development reflects a broader industry trend towards adopting advanced, AI-ready security solutions that can adapt in real-time to evolving threats. As cyberattacks grow in complexity and frequency, the need for robust, responsive defence mechanisms becomes paramount for service providers and their clients.
TECHx
28-05-2025
- TECHx
Qualys TotalAI Enhances LLM Security Features
Home » Tech Value Chain » Global Brands » Qualys TotalAI Enhances LLM Security Features Qualys, Inc. (NASDAQ: QLYS) has announced major updates to its Qualys TotalAI solution. The enhancements aim to secure the complete MLOps pipeline, from development to deployment. The company revealed that organizations can now test large language models (LLMs) more rapidly, even during development cycles. These updates bring stronger protection against new threats and introduce on-premises scanning with an internal LLM scanner. As AI adoption accelerates, security remains a critical concern. A recent study reported that 72% of CISOs are worried generative AI could cause breaches. Enterprises need tools that balance innovation with secure implementation. Tyler Shields, principal analyst at Enterprise Strategy Group, emphasized the importance of security. He noted that Qualys TotalAI allows only trusted, vetted models in production, helping organizations manage risk while remaining agile. Qualys TotalAI addresses AI-specific risks. It tests models for jailbreak vulnerabilities, bias, sensitive data leaks, and threats aligned with the OWASP Top 10 for LLMs. The solution goes beyond infrastructure checks and supports operational resilience and brand trust. Key updates include: Automatic risk prioritization: Using MITRE ATLAS and the Qualys TruRisk™ engine, risks are scored and ranked for faster resolution. Secure development integration: On-premises LLM scanning enables in-house testing during CI/CD workflows, improving agility and protection. The platform also detects 40 types of attack scenarios. These include jailbreaks, prompt injections, bias amplification, and multilingual exploits. These scenarios simulate real-world tactics to improve model resilience. Another update is protection from cross-modal exploits. TotalAI can now detect manipulations hidden in images, audio, and video files meant to alter LLM outputs. Sumedh Thakar, president and CEO of Qualys, said the solution offers visibility, intelligence, and automation across AI lifecycles. He added that TotalAI helps companies innovate confidently while staying ahead of emerging threats. Qualys TotalAI is now positioned as one of the most comprehensive AI security solutions available today.
