In the second quarter of 2025, a report from Cloudflare revealed various important insights related to Distributed Denial of Service (DDoS) attacks. In this 22nd edition of the report, DDoS attacks involving actors from industry competitors, ransom DDoS attacks, and increased attacks on certain sectors are the main highlights.
This article will take a deeper look at attack patterns, the most attacked sectors, and the types of threats faced by organizations around the world.
Threat Actors: Who Is Behind the DDoS Attack?
In the second quarter of 2025, Cloudflare’s analysis revealed interesting information about who is behind the DDoS attacks experienced by various organizations. Based on the report, the majority (71%) of respondents were unable to identify the perpetrators of the attack targeting them. However, of the 29% of respondents who were able to identify the culprit, the vast majority (63%) suspected that an industry competitor was the actor behind the attack. This is a common pattern often found in sectors such as Gaming, Gambling, and Crypto.
As many as 21% of the other respondents suspected attacks were from state actors or sponsored by the state. While another 5% reported cases such as self-DDoS, where they accidentally attacked themselves, or attacks carried out by extortionists or dissatisfied customers.
Ransom DDoS Attack
The report also noted a significant increase in Ransom DDoS attacks , which include the threat of DDoS attacks by demanding ransoms. In Q2 2025, approximately 68% more customers reported being targeted by Ransom DDoS attacks compared to the previous quarter, as well as a 6% increase compared to the same period in 2024.
The peak of the Ransom DDoS attack occurred in June 2025, where about one-third of respondents reported having been threatened or targeted by a ransom DDoS attack. This shows an alarming trend in the world of DDoS attacks that are increasingly armed with ransom demands.
Most Attacked Locations
The locations most targeted by DDoS attacks in Q2 2025
Geographically, the ranking of the most attacked locations has undergone significant changes. China again took first place, after moving up two places, followed by Brazil which moved up four places to second place. Germany, which was previously in first place, has now dropped to third, while India and South Korea have moved up one and four places to fourth and fifth respectively. Meanwhile, Vietnam jumped 15 places to eighth place, and Russia and Azerbaijan experienced huge jumps in the rankings, up 40 and 31 places, respectively.
It’s important to note that the most attacked locations refer to the country where Cloudflare’s customers are registered, not the countries that were directly attacked. This means that the high ratings indicate that more Cloudflare customers in the region are being targeted by DDoS attacks, rather than direct geopolitical targeting.
Read More: Cloudflare DDoS Threat Report Q2 2025: Significant Increase in Hyper-Volumetric Attacks
The Most Attacked Industries
In terms of the industries that are most attacked, there have been some significant movements. Telecommunications, Service Providers, and Operators rose one spot to first place, while the Internet sector jumped two places to second place. Information Technology & Services remains in third place as the most attacked industry, while Gaming moves up one rank to fourth place.
The Gambling & Casino sector experienced a significant decline, dropping four places to fifth place. Banking & Financial Services remained in sixth position, while the Retail sector rose one rank to seventh position. Surprisingly, the Agriculture sector jumped dramatically 38 places to eighth place, while Computer Software and Government moved up two places to ninth and tenth positions, respectively.
Conclusion
Cloudflare’s Q2 2025 DDoS report shows that DDoS attacks, both involving actors from industry competitors and threats armed with ransom, continue to be a significant problem for enterprises across various sectors. While there has been a decrease in total attacks compared to the previous quarter, they are becoming more and more scalable, with certain sectors being the main targets. Therefore, it is important for organizations to continue to strengthen their defenses and raise awareness about these evolving threats.
