Cloudflare report reveals surge in internet shutdowns & outages
Return of shutdowns
This quarter, Cloudflare observed a return of government-directed Internet shutdowns in several countries, reversing the positive trend seen in the previous quarter. The report states, "In our Q1 2025 summary post, we noted that we had not observed any government-directed Internet shutdowns during the quarter. Unfortunately, that forward progress was short-lived - in the second quarter of 2025, we observed shutdowns in Libya, Iran, Iraq, Syria, and Panama."
Multiple shutdowns were enforced in Libya, particularly following public protests against the Government of National Unity. In Iran, a series of three shutdowns in June followed escalating regional tensions and claims of cyber threats to national infrastructure. The government stated, "In light of the country's special circumstances and based on the measures taken by the competent authorities, temporary restrictions have been imposed on the country's Internet. It is obvious that these restrictions will be lifted once normal conditions are restored." "We have previously stated that if necessary, we will certainly switch to a national internet and restrict global internet access. Security is our main concern, and we are witnessing cyberattacks on the country's critical infrastructure and disruptions in the functioning of banks. Many of the enemy's drones are managed and controlled via the internet, and a large amount of information is exchanged this way. A cryptocurrency exchange was also hacked, and considering all these issues, we have decided to impose Internet restrictions."
Iraq and Syria continued their practice of exam-related shutdowns. In Iraq, regular outages spanning hours took place across both the main part of the country and the Kurdistan region, aimed at preventing cheating during national school exams. In Syria, the 2025 shutdowns targeted only cellular connectivity and were limited to times and regions near exam centres.
In Panama, shutdowns were implemented in the province of Bocas del Toro amid protests, driven by official instructions with service restoration tracking the cessation of related demonstrations. The regulator stated, "...in compliance with Cabinet Decree No. 27 of June 20, 2025, and by formal instruction from the Ministry of Government, the temporary suspension of mobile telephony and residential internet services in the province of Bocas del Toro has been coordinated." A subsequent update confirmed, "... Internet and cellular telephone services in the province of Bocas del Toro have been restored as of 12:01 a.m. on Monday, June 30..."
Power infrastructure failures
Major power outages also impacted Internet connectivity, most notably across Portugal and Spain on 28 April. In Portugal, traffic dropped by approximately 50 percent immediately, further declining to 90 percent below normal levels within five hours. Spain experienced a similar reduction, with a 60 percent initial drop, falling to an 80 percent reduction over five hours. Internet traffic in both countries recovered as the power was restored early the following day.
Morocco's Orange Maroc reported international connectivity problems resulting from the Iberian power outage, and smaller-scale incidents in Puerto Rico, Saint Kitts and Nevis, North Macedonia, the Maldives and Curaçao all led to significant local disruptions.
Physical cable damage
Fibre optic infrastructure damage was another notable cause. In Haiti, two instances of damage to Digicel Haiti's fibre optic cables resulted in the provider and its networks going offline for several hours in May. In a translated statement, Digicel Haiti's Director General explained the cause. Airtel Malawi experienced a 90-minute outage on 24 June due to vandalism of their fibre lines, with service interruptions affecting both IPv4 and IPv6 connectivity.
Cyberattacks and technical faults
The report highlights the impact of cyber threats and operational problems at major service providers. Russian internet operator ASVT was hit by a major distributed denial-of-service (DDoS) attack, causing an 10-hour outage and continued disruption over several days. The attack reportedly reached 70.07 Gbps and 6.92 million packets per second, causing traffic to collapse to near zero for the period.
Technical missteps also caused issues in other markets. Bell Canada suffered a significant, albeit brief, outage due to a router update in May, while Lumen/CenturyLink users in North America lost connectivity for several hours after suspected DNS-related issues. Bell Canada's quick response restored service within an hour after rolling back the problematic update.
Unexplained disruptions
The report also includes cases where the underlying causes were not disclosed or remain unknown. Outages in Finland (Telia), the Philippines (SkyCable), Thailand (TrueMove H), and Syria included sharp drops in traffic and disruptions to network address announcements, but few official details were made available.
Regional implications
The report underscores the increasing challenges faced by all nations dependent on digital infrastructure. For Australia and New Zealand, the findings raise concerns regarding their own cyber readiness and the resilience of critical regional networks in the event of cascading failures caused by events abroad. The interconnected nature of Internet and power infrastructure means that issues in distant markets can reverberate globally.
Cloudflare's analysts concluded their summary stating, "Government-directed Internet shutdowns returned with a vengeance in the second quarter, and that trend continues into the third quarter, though the latest ones have been exam-related, and not driven by protests. And while power-outage related Internet disruptions have frequently been observed in the past, often in smaller countries with less stable infrastructure, the massive outage in Spain and Portugal on April 28 reminds us that much like the Internet, electrical infrastructure is often interconnected across countries, meaning that problems in one can potentially cause significant problems in others."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
RNZ News
3 days ago
- RNZ News
SpaceX seeks cause of Starlink's global satellite network outage
Starlink is a satellite internet provider. Photo: 123RF SpaceX's Starlink satellite network was back up and running on Friday (local time) as engineers hunted for the root cause of one of its biggest international outages the night before, a rare disruption for the powerful internet system set off by an internal software failure. Users in the US and Europe began experiencing the outage at around 3pm EDT Thursday (7am NZST Friday), according to Downdetector, a crowdsourced outage tracker that said as many as 61,000 user reports to the site were made. In Ukraine, where troops rely heavily on Starlink for battlefield communications, the outage affected combat operations as service was "down across the entire front", said Robert Brovdi, the commander of Ukraine's drone forces. Starlink, active in roughly 140 countries and territories and used by a growing number of militaries and government agencies, is a key source of revenue for Elon Musk's SpaceX. The network has grown rapidly since 2020 into a disruptive force in the satellite communications industry. Starlink acknowledged the outage on its X account on Thursday and said "we are actively implementing a solution." The service mostly resumed after two and a half hours, Michael Nicolls, SpaceX vice president of Starlink Engineering, wrote on X. By 8pm, the company wrote on X that the "network issue has been resolved, and Starlink service has been restored". "The outage was due to failure of key internal software services that operate the core network," Nicolls said, apologising for the disruption and vowing to find its cause. Musk also apologised: "Sorry for the outage. SpaceX will remedy root cause to ensure it doesn't happen again," the SpaceX chief executive wrote on X. The outage was a rare hiccup for SpaceX's most commercially sensitive business. Experts speculated whether the service, known for its resilience and speedy development, was beset by a glitch, a botched software update or perhaps a cyberattack. Doug Madory, an expert at the internet analysis firm Kentik, said such a sweeping global outage was unusual. "This is likely the longest outage ever for Starlink, at least while it became a major service provider," Madory said. As Starlink amasses more than 6 million users, SpaceX has focused in recent months on updating its network to accommodate demands for higher speed and bandwidth. The company, in a partnership with T-Mobile, is also expanding the constellation with larger, more powerful satellites to offer direct-to-cell text messaging services, a line of business in which mobile phone users can send emergency text messages through the network in rural areas. SpaceX has launched more than 8000 Starlink satellites since 2020, building a uniquely distributed network in low-Earth orbit that has attracted intense demand from militaries, transportation industries and consumers in rural areas with poor access to traditional, fiber-based internet. "I'd speculate this is a bad software update, not entirely dissimilar to the CrowdStrike mess with Windows last year, or a cyberattack," said Gregory Falco, director of a space and cybersecurity laboratory at Cornell University. An update to CrowdStrike's widely used cybersecurity software led to worldwide flight cancellations and impacted industries around the globe in July last year. The outage disrupted internet services, affecting 8.5 million Microsoft Windows devices. It was unclear whether Thursday's outage affected SpaceX's other satellite-based services that rely on the Starlink network. Starshield, the company's military satellite business unit, has billions of dollars' worth of contracts with the Pentagon and US intelligence agencies. Separately, Reuters reported on Friday that Musk ordered a partial shutdown of Starlink during a pivotal push by Ukraine to retake territory in its war with Russia in late September 2022. - Reuters
Techday NZ
5 days ago
- Techday NZ
Cloudflare report reveals surge in internet shutdowns & outages
Cloudflare has released its Q2 2025 Internet Disruptions Report, outlining a series of significant global disruptions to Internet connectivity caused by government actions, infrastructure failures, fibre optic cable damage and cyberattacks. Return of shutdowns This quarter, Cloudflare observed a return of government-directed Internet shutdowns in several countries, reversing the positive trend seen in the previous quarter. The report states, "In our Q1 2025 summary post, we noted that we had not observed any government-directed Internet shutdowns during the quarter. Unfortunately, that forward progress was short-lived - in the second quarter of 2025, we observed shutdowns in Libya, Iran, Iraq, Syria, and Panama." Multiple shutdowns were enforced in Libya, particularly following public protests against the Government of National Unity. In Iran, a series of three shutdowns in June followed escalating regional tensions and claims of cyber threats to national infrastructure. The government stated, "In light of the country's special circumstances and based on the measures taken by the competent authorities, temporary restrictions have been imposed on the country's Internet. It is obvious that these restrictions will be lifted once normal conditions are restored." "We have previously stated that if necessary, we will certainly switch to a national internet and restrict global internet access. Security is our main concern, and we are witnessing cyberattacks on the country's critical infrastructure and disruptions in the functioning of banks. Many of the enemy's drones are managed and controlled via the internet, and a large amount of information is exchanged this way. A cryptocurrency exchange was also hacked, and considering all these issues, we have decided to impose Internet restrictions." Iraq and Syria continued their practice of exam-related shutdowns. In Iraq, regular outages spanning hours took place across both the main part of the country and the Kurdistan region, aimed at preventing cheating during national school exams. In Syria, the 2025 shutdowns targeted only cellular connectivity and were limited to times and regions near exam centres. In Panama, shutdowns were implemented in the province of Bocas del Toro amid protests, driven by official instructions with service restoration tracking the cessation of related demonstrations. The regulator stated, "...in compliance with Cabinet Decree No. 27 of June 20, 2025, and by formal instruction from the Ministry of Government, the temporary suspension of mobile telephony and residential internet services in the province of Bocas del Toro has been coordinated." A subsequent update confirmed, "... Internet and cellular telephone services in the province of Bocas del Toro have been restored as of 12:01 a.m. on Monday, June 30..." Power infrastructure failures Major power outages also impacted Internet connectivity, most notably across Portugal and Spain on 28 April. In Portugal, traffic dropped by approximately 50 percent immediately, further declining to 90 percent below normal levels within five hours. Spain experienced a similar reduction, with a 60 percent initial drop, falling to an 80 percent reduction over five hours. Internet traffic in both countries recovered as the power was restored early the following day. Morocco's Orange Maroc reported international connectivity problems resulting from the Iberian power outage, and smaller-scale incidents in Puerto Rico, Saint Kitts and Nevis, North Macedonia, the Maldives and Curaçao all led to significant local disruptions. Physical cable damage Fibre optic infrastructure damage was another notable cause. In Haiti, two instances of damage to Digicel Haiti's fibre optic cables resulted in the provider and its networks going offline for several hours in May. In a translated statement, Digicel Haiti's Director General explained the cause. Airtel Malawi experienced a 90-minute outage on 24 June due to vandalism of their fibre lines, with service interruptions affecting both IPv4 and IPv6 connectivity. Cyberattacks and technical faults The report highlights the impact of cyber threats and operational problems at major service providers. Russian internet operator ASVT was hit by a major distributed denial-of-service (DDoS) attack, causing an 10-hour outage and continued disruption over several days. The attack reportedly reached 70.07 Gbps and 6.92 million packets per second, causing traffic to collapse to near zero for the period. Technical missteps also caused issues in other markets. Bell Canada suffered a significant, albeit brief, outage due to a router update in May, while Lumen/CenturyLink users in North America lost connectivity for several hours after suspected DNS-related issues. Bell Canada's quick response restored service within an hour after rolling back the problematic update. Unexplained disruptions The report also includes cases where the underlying causes were not disclosed or remain unknown. Outages in Finland (Telia), the Philippines (SkyCable), Thailand (TrueMove H), and Syria included sharp drops in traffic and disruptions to network address announcements, but few official details were made available. Regional implications The report underscores the increasing challenges faced by all nations dependent on digital infrastructure. For Australia and New Zealand, the findings raise concerns regarding their own cyber readiness and the resilience of critical regional networks in the event of cascading failures caused by events abroad. The interconnected nature of Internet and power infrastructure means that issues in distant markets can reverberate globally. Cloudflare's analysts concluded their summary stating, "Government-directed Internet shutdowns returned with a vengeance in the second quarter, and that trend continues into the third quarter, though the latest ones have been exam-related, and not driven by protests. And while power-outage related Internet disruptions have frequently been observed in the past, often in smaller countries with less stable infrastructure, the massive outage in Spain and Portugal on April 28 reminds us that much like the Internet, electrical infrastructure is often interconnected across countries, meaning that problems in one can potentially cause significant problems in others."
Techday NZ
15-07-2025
- Techday NZ
Cloudflare records largest DDoS attack at 7.3 Tbps in Q2 2025
Cloudflare's latest DDoS Threat Report for Q2 2025 highlights a year-on-year increase in both the scale and complexity of distributed denial-of-service (DDoS) attacks against online infrastructure. The report documents a significant rise in the severity of attacks despite a quarter-on-quarter decline in overall volumes. During the quarter, Cloudflare automatically blocked the largest DDoS attack ever recorded, which peaked at 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps). Over 6,500 hyper-volumetric attacks were mitigated between April and June, averaging 71 per day. Year-on-year, total DDoS activity was up 44%, and HTTP-based attacks saw a 129% rise compared to Q2 2024. Although the volume of attacks lessened since the unprecedented surge in early 2025, cybercriminals employed larger and more frequent hyper-volumetric assaults. Notably, June accounted for nearly 38% of all observed DDoS activity in the quarter. Critical targets and sectors Telecommunications, service providers, and carriers experienced the highest targeting rates during the period, reclaiming their position as the most attacked sector. The report notes that critical infrastructure remains under sustained threat from DDoS campaigns, while industries such as gaming, gambling, and crypto continued to attribute attacks to competitor actions. Cloudflare emphasised that all incidents detailed in the report were "automatically detected and blocked by our autonomous defenses." Attack types and patterns The company mitigated 7.3 million DDoS attacks in Q2 2025, a decrease from 20.5 million in the first quarter. This decline was attributed to the end of an 18-day campaign against Cloudflare and other protected infrastructure, which alone accounted for a substantial number of attacks earlier in the year. Despite the dip, 2025's year-to-date DDoS events equate to 130% of all attacks recorded in the full year of 2024. Layer 3 / Layer 4 (L3/4) DDoS attacks fell sharply by 81% quarter-over-quarter to 3.2 million, while HTTP DDoS attacks rose 9% to 4.1 million. Six out of every 100 HTTP DDoS attacks exceeded 1 million requests per second, and five out of every 10,000 L3/4 attacks surpassed 1 Tbps, representing a 1,150% increase from the previous quarter. Emerging threats evolve The quarter saw surges in attacks using legacy and lesser-known protocols. Teeworlds flood attacks increased 385% quarter-over-quarter, RIPv1 floods by 296%, RDP floods by 173%, and Demon Bot floods by 149%. A resurgence of VxWorks floods was also observed. These tactics demonstrate attackers' ongoing experimentation to bypass traditional defences. Of note, the majority (71%) of HTTP DDoS attacks reported in Q2 2025 were launched by known botnets, with Cloudflare's network using real-time threat intelligence to rapidly block criminal infrastructure as it shifts tactics. Ransom and hyper-volumetric attacks The percentage of Cloudflare customers reporting ransom DDoS attacks or threats increased by 68% compared to Q1 2025, and by 6% from Q2 2024. Such incidents rose sharply in June, with approximately one third of survey respondents indicating they experienced related threats during the month. "Small" attacks - those below 500 Mbps - made up 94% of L3/4 events, but Cloudflare cautioned that even these can take typical servers offline if left unprotected. Most DDoS attacks remained short in duration, with the record-breaking 7.3 Tbps burst lasting only 45 seconds. Attackers continue to favour brief, intense traffic spikes to evade detection and overwhelm targets quickly. Geographic insight The top 10 most attacked locations shifted, with China, Brazil, and Germany occupying the first three spots. Significant movement was recorded, with Vietnam and Russia jumping fifteen and forty places, respectively, into the top ten. Cloudflare noted that these rankings reflect customer billing locations rather than indicators of direct geopolitical targeting. The main sources of attack traffic included Indonesia, Singapore, and Hong Kong, while the German-based Drei-K-Tech-GmbH network became the top source of HTTP DDoS attacks for the first time in a year, overtaking Hetzner and DigitalOcean. Cloudflare attributed the strength of many attacks to virtual machine (VM)-based botnets, which the company estimates are 5,000 times more potent than those based on Internet-of-Things devices. Attack vectors DNS flood attacks were the leading L3/4 DDoS vector, accounting for almost one third of all attacks, followed by SYN and UDP floods. Cloudflare set out its recommended best practices for mitigating these and other common DDoS vectors for both vulnerable organisations and their upstream service providers. Collaboration and threat sharing "To help hosting providers, cloud computing providers and any Internet service providers identify and take down the abusive accounts that launch these attacks, we leverage Cloudflare's unique vantage point to provide a free DDoS Botnet Threat Feed for Service Providers. Over 600 organizations worldwide have already signed up for this feed, and we've already seen great collaboration across the community to take down botnet nodes. This is possible thanks to the threat feed which provides these service providers a list of offending IP addresses from within their ASN that we see launching HTTP DDoS attacks. It's completely free and all it takes is opening a free Cloudflare account, authenticating the ASN via PeeringDB, and then fetching the threat intelligence via API." Industry perspective The report reiterates Cloudflare's message that always-on, proactive defences deliver more effective protection than reactive measures. The network's recorded throughput now reportedly reaches 388 Tbps across more than 330 global cities, providing capacity for real-time mitigation of large and complex DDoS events.
