Number of DDoS attacks increased by 121 percent

This is evident from figures shared by Cloudflare on the development of DDoS attacks in the fourth quarter of 2025. In the final quarter of 2025, Hong Kong climbed twelve places in the rankings, becoming the second most affected region by DDoS attacks. The United Kingdom rose 36 places to finish sixth on the list of most attacked locations.

A striking trend was the use of infected Android TVs, part of the Aisuru-Kimwolf botnet. These devices launched hypervolumetric HTTP DDoS attacks on Cloudflare’s network. Telecom companies remained the most targeted sector.

Record attack around Christmas

The fourth quarter was marked by a major attack by the Aisuru-Kimwolf botnet, nicknamed “The Night Before Christmas” DDoS attack. This campaign targeted Cloudflare customers, the company’s dashboard, and the underlying infrastructure.

The attacks reached peaks of more than 200 million requests per second (rps), just weeks after an earlier record attack of 31.4 terabits per second (Tbps).

Doubled in two years

In 2025, the total number of DDoS attacks doubled to 47.1 million. Since 2023, the growth has been significant: the number of attacks rose by 236 percent during that period. Network-level DDoS attacks, in particular, increased sharply, tripling compared to 2024. Cloudflare neutralized 34.4 million of these attacks last year, compared to 11.4 million in 2024.

Some of these attacks, approximately 13.5 million, targeted the global internet infrastructure protected by Cloudflare Magic Transit, as well as Cloudflare’s own infrastructure. This occurred during an 18-day DDoS campaign in the first quarter of 2025. Of these, 6.9 million attacks targeted Magic Transit customers, while the remaining 6.6 million directly affected Cloudflare.