CyberSecurityBoard
Sponsor Register Login

Cloudflare mitigates record number of DDoS attacks in 2025

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. However, 2025 is looking to be an even bigger problem for online entities and companies, with Cloudflare already responding to 20.5 million DDoS attacks in just the first quarter of 2025. "Of the 20.5 million DDoS attacks, 16.8M were network-layer DDoS attacks, and of those 6.6M targeted Cloudflare's network infrastructure directly," explains Cloudflare. Meanwhile, the trend of hyper-volumetric attacks continued unabated, with Cloudflare recording over 700 attacks that surpassed bandwidths of 1 Tbps (terabit per second) or packet rates of 1 billion packets per second. Cloudflare says it identified two emerging threats in 2025 Q1, namely Connectionless Lightweight Directory Access Protocol (CLDAP) and Encapsulating Security Payload (ESP) reflection/amplification attacks. One attack highlighted in Cloudflare's report, which occurred during 2025 Q1, concerns a US-based hosting provider that offers services to multiplayer gaming servers for Counter-Strike GO, Team Fortress 2, and Half-Life 2: Deathmatch. The previous record, also reported by Cloudflare, was a 5.6 Tbps DDoS attack attributed to a Mirai-based botnet comprising 13,000 devices. These attacks include Cloudflare itself, whose infrastructure was targeted directly in 6.6 million attacks over an 18-day multi-vector campaign. Gaming servers are popular targets for DDoS attacks, as the disruption can be highly damaging and impactful for publishers and entire player communities. The attack was 'hyper volumetric,' reaching 1.5 billion packets per second, though Cloudflare says it was still mitigated. The hyper-volumetric attacks that fall into these categories averaged eight daily during the year's first quarter, and the total count doubled compared to the previous quarter. Cloudflare explains that UDP in CLDAP requires no handshake, allowing IP spoofing, which the attackers exploit by forging the source IP address to reflect massive amounts of traffic to their target.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 28 Apr 2025 14:05:00 +0000


Cyber News related to Cloudflare mitigates record number of DDoS attacks in 2025

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
2 years ago Esecurityplanet.com
Why every company needs a DDoS response plan - Today's DDoS attacks are not what they were even a few years ago, and we continue to see DDoS attacks that are framed as the largest in history. As a result, large organizations need adaptive, multilayered defense capabilities that can respond just ...
1 year ago Helpnetsecurity.com
Cloudflare mitigates record number of DDoS attacks in 2025 - Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. However, 2025 is looking to be an even bigger problem for online ...
9 months ago Bleepingcomputer.com
The Rise of DDoS Attacks in Q3, 2023: Are You Prepared? - The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries. Over 41% of websites have shown signs of DDoS attacks ...
2 years ago Cybersecuritynews.com CVE-2023-44487 Cloak
The State of DDoS Attacks: Evolving Tactics and Targets Businesses Must Be Aware Of - Now, these attacks are becoming more dangerous, targeted, and detrimental as they evolve. As DDoS attacks become more sophisticated, adversaries are able to hone in on the most vulnerable targets, ranging from small- and medium-sized businesses to ...
2 years ago Cyberdefensemagazine.com
Cloudflare discloses breach related to stolen Okta data - Last fall, Cloudflare announced it mitigated an attempted cyberattack stemming from the infamous Okta breach. Cloudflare disclosed in a blog post that it had been breached by an unnamed nation-state threat actor using an access token and three ...
2 years ago Techtarget.com
CVE-2025-6087 - A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy ...
7 months ago
How to Prepare for DDoS Attacks During Peak Business Times - One common tactic that many security practitioners have witnessed is carrying out distributed denial-of-service attacks during peak business times, when companies are more likely to be short-staffed and caught unawares. While DDoS attacks are a ...
2 years ago Darkreading.com
Cloudflare Dashboard and APIs down after data center power outage - An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose ...
2 years ago Bleepingcomputer.com
Hackers Breaking Internet with 7.3 Tbps and 4.8 Billion Packets Per Second DDoS Attack - The second quarter of 2025 has marked a historic milestone with the largest DDoS attack ever recorded, demonstrating the evolving nature of digital threats and the critical importance of robust cybersecurity infrastructure. The Q2 2025 data reveals a ...
6 months ago Cybersecuritynews.com
How to Prevent DNS Attacks: DNS Security Best Practices - To protect against attack, best practices must be applied to protect the DNS protocol, the server on which the DNS protocol runs, and all access to the DNS processes. Implementing these best practices will not only protect DNS but also network ...
2 years ago Esecurityplanet.com
In Cybersecurity and Fashion, What's Old Is New Again - While distributed denial-of-service attacks and zero-day threats are nothing new in cybersecurity, they're still happening regularly for a simple reason: They work. In early November 2023, OpenAI blamed a DDoS attack for intermittent ChatGPT issues, ...
2 years ago Darkreading.com
How to Arm Yourself With CloudFlare Security Solutions - Securing your website or digital asset is a critical part of running a successful business or website. With the rise of the digital era, the need to protect yourself from cyber-attacks is essential. That's why CloudFlare, the leading cloud solution ...
3 years ago Blog.cloudflare.com
Security Series: Protecting the Edge Against DDoS Attacks with a Simplified Integrated Solution - An unprecedented increase in distributed-denial-of-service attacks in recent years has resulted in lost revenue and productivity, increased ransomware costs, and impacted service-level agreements for network operators. According to Zayo Group's ...
2 years ago Feedpress.me
VPN to protect against DDoS attacks on Twitch - Swarming or DDoS attacks pose a threat to streamers. Your data goes through a secure server, making it harder for attackers to target your actual IP address. A distributed denial-of-service attack globally harasses and attacks legitimate users and ...
2 years ago Itsecurityguru.org
Record Breaking 20.5 Million DDoS attacks, Top One With 4.8 Billion Packets - With a record-breaking 20.5 million Distributed Denial of Service (DDoS) attacks prevented in the first quarter alone, a 358% rise over the same period last year, Cloudflare has reported a historic spike in cyberattacks to start 2025. Hong Kong ...
9 months ago Cybersecuritynews.com
Essential DDoS statistics for understanding attack impact - The impact of DDoS attacks extends far beyond mere inconvenience, as they can result in financial losses, compromised data, and erosion of customer trust. Understanding the nature and consequences of DDoS activity is essential for organizations and ...
2 years ago Helpnetsecurity.com
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator - The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator, according to ...
1 year ago Bleepingcomputer.com
Understanding the Escalating Threat of Web DDoS Tsunami Attacks - Whether it's hacktivists conducting cyberwarfare or ransom-seeking criminals targeting vulnerable firms in financial services, retail, energy, or transportation, a new breed of destructive distributed denial of service attack - the Web DDoS Tsunami - ...
2 years ago Cyberdefensemagazine.com
DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia - Qurium, the Swedish media foundation and human rights watchdog leading the investigation into these DDoS attacks implicates FineProxy and RayoByte in facilitating the attacks. On November 30, 2023, Rappler, the leading digital media company in the ...
2 years ago Hackread.com
Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps - Typically, threat actors launching DDoS attacks rely on large networks of infected devices (botnets) or look for ways to amplify the delivered data at the target, which requires a smaller number of systems. After scanning the public internet for ...
1 year ago Bleepingcomputer.com
Cybersecurity and Infrastructure Security Agency Reports Minimal Impact of Killnet Distributed Denial of Service Attacks on American Hospitals - The Cybersecurity and Infrastructure Security Agency (CISA) reported that it had assisted numerous hospitals in responding to a series of distributed denial-of-service (DDoS) attacks last week, which were launched by a pro-Kremlin hacking group known ...
3 years ago Therecord.media
Cloudflare mitigates new record-breaking 2.22 Tbps DDoS attack - Cloudflare recently mitigated a massive Distributed Denial of Service (DDoS) attack that reached a record-breaking peak of 2.22 Tbps, marking one of the largest volumetric attacks ever recorded. This unprecedented attack targeted one of Cloudflare's ...
4 months ago Bleepingcomputer.com
Police takes down six DDoS-for-hire services, arrests admins - ​Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. "In the ...
9 months ago Bleepingcomputer.com
Pro-Russian DDoS Attacks Alarm Denmark and US - Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups have caused alarm in the US and Denmark after several incidents affected websites of hospitals and government offices in both countries. On Tuesday, Denmark announced that it ...
3 years ago Therecord.media

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)