Cloudflare’s 2025 Q4 DDoS Threat Report reveals a staggering 121% surge in distributed denial of service attacks, with cybercriminals launching an average of 5,376 attacks every hour. The year culminated in a record-breaking 31.4 terabit-per-second (Tbps) attack that lasted just 35 seconds, underscoring the escalating sophistication and volume of cyber threats facing businesses globally.
The numbers behind the surge
The scale of DDoS activity in 2025 defied expectations. Total attacks reached 47.1 million, more than doubling from the previous year. To put this in perspective, attacks have spiked 236% between 2023 and 2025, with network-layer DDoS attacks more than tripling year-over-year to 34.4 million incidents.
Of the hourly average of 5,376 attacks, 3,925 were network-layer attacks while 1,451 targeted HTTP protocols. Network-layer attacks dominated the final quarter, accounting for 78% of all DDoS incidents as cybersecurity threats in the GCC region continue escalating.
The Aisuru-Kimwolf botnet threat
Perhaps most concerning was the emergence of the Aisuru-Kimwolf botnet, a massive network of 1-4 million malware-infected devices, primarily Android TVs. On 19 December 2025, this botnet launched ‘The Night Before Christmas’ campaign, bombarding Cloudflare’s infrastructure with hyper-volumetric HTTP DDoS attacks exceeding 20 million requests per second.
The botnet represents a new class of threat capable of crippling critical infrastructure, crashing legacy cloud-based protection solutions, and potentially disrupting entire nations’ connectivity. While dramatic, this campaign represented only a fraction of the hyper-volumetric attacks observed throughout 2025.
Hyper-volumetric attacks reach new peaks
Cloudflare observed a continuous increase in hyper-volumetric DDoS attacks throughout 2025. The fourth quarter alone saw a 40% increase compared to Q3, with attack sizes growing over 700% compared to late 2024 peaks. The record-setting 31.4 Tbps attack demonstrates how quickly threat actors are scaling their capabilities.
These massive attacks exploit internet infrastructure vulnerabilities that become increasingly apparent as digital services centralise on major platforms.
Industries and regions under fire
The telecommunications, service providers and carriers industry bore the brunt of attacks, followed by information technology and services. Gaming and gambling sectors rounded out the top five most-targeted industries, reflecting attackers’ focus on high-value, always-online services.
Geographically, Hong Kong surged 12 places to become the second most-attacked location, while the United Kingdom leapt 36 positions to sixth place. The top attack sources shifted dramatically, with Bangladesh dethroning Indonesia as the primary origin of DDoS traffic.
Regional implications for UAE and MENA
The findings carry particular weight for the UAE and broader Middle East region, according to Ercan Aydin, Cloudflare’s AVP for Middle East, Türkiye & Africa. ‘The scale and frequency of DDoS activity we observed in 2025 underscore how quickly threat actors are evolving their tactics,’ Aydin commented.
‘This is especially true across the Middle East, Türkiye, and Africa, where critical infrastructure and enterprise digital adoption are accelerating. By proactively leveraging real-time intelligence and mitigation capabilities, we help organisations stay ahead of these escalating threats.’
As UAE companies increasingly adopt cloud infrastructure, the report’s findings highlight the critical importance of robust DDoS protection for maintaining business continuity in the region’s rapidly digitising economy.
About the report
Cloudflare’s 2025 Q4 DDoS Threat Report analyses attack patterns across one of the world’s largest networks, processing over 63 million HTTP requests and 31 million DNS queries per second. The company mitigates DDoS attacks automatically using machine learning systems that can detect and respond to threats within seconds of detection.


