DDoS attacks more than doubled in 2025, hitting 5,376 per hour with record-breaking volumes

Cybercriminals launched over 47 million DDoS attacks in 2025, tripling from previous years. A new Android TV botnet called Aisuru-Kimwolf emerged, capable of 20 million requests per second and threatening entire nations' connectivity.

Cloudflare's 2025 Q4 DDoS Threat Report reveals a staggering 121% surge in distributed denial of service attacks, with cybercriminals launching an average of 5,376 attacks every hour. The year culminated in a record-breaking 31.4 terabit-per-second (Tbps) attack that lasted just 35 seconds, underscoring the escalating sophistication and volume of cyber threats facing businesses globally.

The numbers behind the surge

The scale of DDoS activity in 2025 defied expectations. Total attacks reached 47.1 million, more than doubling from the previous year. To put this in perspective, attacks have spiked 236% between 2023 and 2025, with network-layer DDoS attacks more than tripling year-over-year to 34.4 million incidents.

Of the hourly average of 5,376 attacks, 3,925 were network-layer attacks while 1,451 targeted HTTP protocols. Network-layer attacks dominated the final quarter, accounting for 78% of all DDoS incidents as cybersecurity threats in the GCC region continue escalating.

The Aisuru-Kimwolf botnet threat

Perhaps most concerning was the emergence of the Aisuru-Kimwolf botnet, a massive network of 1-4 million malware-infected devices, primarily Android TVs. On 19 December 2025, this botnet launched 'The Night Before Christmas' campaign, bombarding Cloudflare's infrastructure with hyper-volumetric HTTP DDoS attacks exceeding 20 million requests per second.

The botnet represents a new class of threat capable of crippling critical infrastructure, crashing legacy cloud-based protection solutions, and potentially disrupting entire nations' connectivity. While dramatic, this campaign represented only a fraction of the hyper-volumetric attacks observed throughout 2025.

Hyper-volumetric attacks reach new peaks

Cloudflare observed a continuous increase in hyper-volumetric DDoS attacks throughout 2025. The fourth quarter alone saw a 40% increase compared to Q3, with attack sizes growing over 700% compared to late 2024 peaks. The record-setting 31.4 Tbps attack demonstrates how quickly threat actors are scaling their capabilities.

These massive attacks exploit internet infrastructure vulnerabilities that become increasingly apparent as digital services centralise on major platforms.

Industries and regions under fire

The telecommunications, service providers and carriers industry bore the brunt of attacks, followed by information technology and services. Gaming and gambling sectors rounded out the top five most-targeted industries, reflecting attackers' focus on high-value, always-online services.

Geographically, Hong Kong surged 12 places to become the second most-attacked location, while the United Kingdom leapt 36 positions to sixth place. The top attack sources shifted dramatically, with Bangladesh dethroning Indonesia as the primary origin of DDoS traffic.

Regional implications for UAE and MENA

The findings carry particular weight for the UAE and broader Middle East region, according to Ercan Aydin, Cloudflare's AVP for Middle East, Türkiye & Africa. 'The scale and frequency of DDoS activity we observed in 2025 underscore how quickly threat actors are evolving their tactics,' Aydin commented.

'This is especially true across the Middle East, Türkiye, and Africa, where critical infrastructure and enterprise digital adoption are accelerating. By proactively leveraging real-time intelligence and mitigation capabilities, we help organisations stay ahead of these escalating threats.'

As UAE companies increasingly adopt cloud infrastructure, the report's findings highlight the critical importance of robust DDoS protection for maintaining business continuity in the region's rapidly digitising economy.

About the report

Cloudflare's 2025 Q4 DDoS Threat Report analyses attack patterns across one of the world's largest networks, processing over 63 million HTTP requests and 31 million DNS queries per second. The company mitigates DDoS attacks automatically using machine learning systems that can detect and respond to threats within seconds of detection.

Frequently Asked Questions

What are the key findings of Cloudflare's 2025 Q4 DDoS report?

Cloudflare's report reveals a 121% surge in DDoS attacks in 2025, with 47.1 million total attacks and an average of 5,376 attacks mitigated hourly. A record 31.4 Tbps attack was observed, while the Aisuru-Kimwolf botnet launched massive campaigns using infected Android TVs.

How much did DDoS attacks increase in 2025?

DDoS attacks surged by 121% in 2025 compared to 2024, reaching 47.1 million total incidents. Network-layer attacks more than tripled, while the overall increase from 2023 to 2025 represents a 236% spike in attack volume.

What is the Aisuru-Kimwolf botnet?

The Aisuru-Kimwolf botnet is a network of 1-4 million malware-infected devices, primarily Android TVs. It's capable of launching hyper-volumetric HTTP DDoS attacks exceeding 20 million requests per second and can potentially disrupt entire nations' connectivity.

Which industries were most targeted by DDoS attacks in 2025?

Telecommunications, service providers and carriers topped the list of most-attacked industries, followed by information technology and services. Gaming, gambling, and computer software sectors also featured prominently among targeted industries.

What was the largest DDoS attack recorded in 2025?

Cloudflare observed a record-setting 31.4 Tbps DDoS attack that lasted just 35 seconds. This represents a dramatic increase from late 2024 attack sizes, with hyper-volumetric attacks growing over 700% year-over-year.

Why are DDoS attacks relevant to UAE businesses?

As UAE businesses accelerate digital adoption and critical infrastructure development, they face increased exposure to sophisticated DDoS threats. The region's growing cloud infrastructure adoption makes robust DDoS protection essential for maintaining business continuity.