ddos

2025 Q4 DDoS Threat Report: a Record-setting 31.4 Tbps Attack Caps a Year of Massive DDoS Assaults

2025 Q4 DDoS Threat Report Summary:
DDoS attacks surged in 2025, with a record of 47.1 million total attacks, a 121% increase. The Aisuru-Kimwolf botnet led significant campaigns, including a peak attack of 31.4 Tbps. Network-layer attacks rose sharply, making up 78% of all incidents. Key targets included telecommunications and gaming industries, with Hong Kong and the UK experiencing notable attacker rises. Bangladesh became the largest source of DDoS attacks. Cloudflare effectively mitigated these threats through autonomous DDoS defense. Overall, organizations must reassess their security strategies to combat escalating DDoS risks.

https://blog.cloudflare.com/ddos-threat-report-2025-q4/

30 Years of DDoS: Why a Structural Problem Persists

DDoS attacks, originating in 1996, remain a persistent problem due to known weaknesses in internet architecture and organizational structures. The growth of the internet has amplified the impact of these attacks, exploiting vulnerabilities in IoT devices and combining network overloads with targeted disruptions to business processes.

https://www.igorslab.de/en/30-years-of-ddos-why-a-structural-problem-persists/

Aisuru Botnet Sets New Record With 31.4 Tbps DDoS Attack

Aisuru botnet set a record with a 31.4 Tbps DDoS attack, targeting telecoms and IT firms. Cloudflare mitigated this “Night Before Christmas” attack, which peaked at 200 million requests per second. The botnet, leveraging compromised devices, continues to increase DDoS incidents, with a 121% rise in attacks over 2025.

https://www.bleepingcomputer.com/news/security/aisuru-botnet-sets-new-record-with-314-tbps-ddos-attack/

The Rise of Precision Botnets in DDoS

Precision botnets are emerging threats in DDoS attacks, focusing on targeted disruption rather than overwhelming traffic. Unlike traditional attacks, they exploit specific system vulnerabilities while blending in with normal traffic. Effective defense requires a shift from volumetric detection to behavior analytics and adaptive rate limiting, emphasizing intent over volume for identifying malicious activity.

https://securityboulevard.com/2025/12/the-rise-of-precision-botnets-in-ddos/

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Kimwolf Botnet hijacks 1.8 million Android devices for DDoS attacks. Originating from the NDK, it targets Android TVs and set-top boxes, demonstrating advanced capabilities like proxy forwarding and use of Ethereum Name Service for resiliency. Linked to the AISURU botnet, Kimwolf has executed 1.7 billion DDoS commands recently and evolved to enhance its infrastructure against take-down efforts, affecting users in Brazil, India, and the U.S. Attack patterns focus on leveraging compromised devices for proxy services.

https://thehackernews.com/2025/12/kimwolf-botnet-hijacks-18-million.html

The 2025 Cloudflare Radar Year in Review- the Rise of AI, Post-quantum, and Record-breaking DDoS Attacks

Extreme TLDR: 2025 Cloudflare Radar reveals global Internet traffic rose 19%, driven by AI growth, Starlink doubling its traffic, and notable DDoS attacks. Key trends included 52% of Web traffic being post-quantum encrypted, 40% of bot traffic from the US, and Googlebot as the top traffic source. The Year in Review highlights shifts in popular services and connectivity issues, with significant growth in mobile and AI traffic.

https://blog.cloudflare.com/radar-2025-year-in-review/

DDoS Attacks Are Massive and Here to Stay: Cloudflare

Cloudflare reports 8.3 million DDoS attacks in Q3 2025, a 40% YoY increase. The Aisuru botnet is highlighted as the main threat, causing record attacks, including a peak of 29.7 Tb/s. DDoS attacks are now frequent and sophisticated, challenging traditional defenses. Industries like telecom and AI are heavily targeted. China, Turkey, and Germany are the top affected countries, with rising attacks linked to geopolitical tensions.

https://www.sdxcentral.com/news/ddos-attacks-are-massive-and-here-to-stay-cloudflare/

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet With up to 4 Million Infected Hosts

TLDR: Cloudflare reports a record 29.7 Tbps DDoS attack from the AISURU botnet, lasting 69 seconds and involving 1-4 million infected hosts. The botnet targets telecoms, gaming, and financial sectors. In 2025, Cloudflare mitigated 36.2 million DDoS attacks, indicating a surge in size and complexity of attacks, especially against AI companies and the automotive industry.

https://thehackernews.com/2025/12/record-297-tbps-ddos-attack-linked-to.html

Botnet Takes Advantage of AWS Outage to Smack 28 Countries

Mirai-based botnet ShadowV2 emerged during an AWS outage, infecting IoT devices globally and potentially testing for future attacks, as reported by Fortinet. It exploited device vulnerabilities to orchestrate DDoS attacks, affecting 28 countries across various sectors. Although its activity was limited to the outage period, it highlights ongoing IoT security weaknesses, prompting calls for better device protection and monitoring.

https://www.theregister.com/2025/11/26/miraibased_botnet_shadowv2/

Microsoft: Azure Hit by 15 Tbps DDoS Attack Using 500,000 IP Addresses

Microsoft's Azure was targeted by a 15.72 Tbps DDoS attack from the Aisuru botnet, utilizing over 500,000 IP addresses, and employing high-rate UDP floods, peaking at 3.64 billion packets per second. Aisuru, a Turbo Mirai-class botnet, exploits vulnerabilities in IoT devices, significantly growing in size after breaching a router firmware update server. This attack follows other DDoS incidents linked to the same botnet, and highlights ongoing security challenges with IoT devices.

https://www.bleepingcomputer.com/news/microsoft/microsoft-aisuru-botnet-used-500-000-ips-in-15-tbps-azure-ddos-attack/

DDoS Attacks Dominate as Hacktivists Target Public Sector

EU public administrations face increasing DDoS attacks from hacktivists, per an ENISA report. Central government targets account for 69% of incidents, with DDoS attacks making up 60%. Public sector vulnerability is high due to sensitive data management. Recommendations for resilience under NIS2 Directive include implementing CDNs, multi-factor authentication, and cross-border preparedness to safeguard essential services and public trust.

https://www.digit.fyi/enisa-cyber-report/

Modern Approach to Attributing Hacktivist Groups

TLDR: Check Point Research analyzes hacktivism, identifying a shift towards state-sponsored groups using hacktivist tactics for influence operations. Utilizing advanced language-based machine learning and linguistic analysis, the study aims to improve attribution methods by examining public messages from various hacktivists. This includes topic modeling to uncover key themes and stylometric analysis to identify writing styles and connections between groups. Findings show increasing complexity in hacktivism as state actors adapt grassroots approaches, complicating attribution while revealing connections to geopolitical events and potential state-sponsored agendas.

https://research.checkpoint.com/2025/modern-approach-to-attributing-hacktivist-groups/

DeepSeek Halts New Signups Amid “large-scale” Cyberattack

DeepSeek suspends new registrations on its AI chat platform due to a “large-scale” cyberattack, believed to be a DDoS attack. The platform recently gained attention for outperforming US models, causing a sell-off in US stocks. Existing users can still log in, but cybersecurity researchers report vulnerabilities in DeepSeek's model that could enable malicious outputs.

https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/

Scroll to Top