Cloudflare DDoS Report: 63% Of Known Attacks Blamed On Competitors

Cloudflare released their 2025 Q2 DDoS Threat Report, which names the top ten sources of DDoS attacks and cites businesses targeting competitors as the largest source of DDoS attacks, according to surveyed respondents who had identified their attackers.

Survey: Who Attacked You?

Cloudflare surveyed customers about DDoS attacks, and 29% claimed to have identified the sources of those attacks. Of those who identified the attackers, 63% pointed to competitors, the largest of whom were businesses in the crypto, gambling, and gaming industries. 21% of the respondents who identified their attackers said they were victims of state‑sponsored attacks, and 5% said they had accidentally attacked themselves, something that can happen with server misconfigurations

This is how Cloudflare explained it:

“When asked who was behind the DDoS attacks they experienced in 2025 Q2, the majority (71%) of respondents said they didn’t know who attacked them. Of the remaining 29% of respondents that claimed to have identified the threat actor, 63% pointed to competitors, a pattern especially common in the Gaming, Gambling and Crypto industries. Another 21% attributed the attack to state-level or state-sponsored actors, while 5% each said they’d inadvertently attacked themselves (self-DDoS), were targeted by extortionists, or suffered an assault from disgruntled customers/users.”

Most Attacked Locations

One would think that the United States would be the most attacked location, given how many businesses and websites are located there. But the most attacked location was China, which climbed from position three to position one. Brazil also climbed four positions to second place. Turkey dropped four positions to land in sixth place, and Hong Kong dropped to seventh place. Vietnam, however, jumped fifteen places to land in eighth place.

Top Ten Most DDoS-Attacked Countries

1. China
2. Germany
3. India
4. South Korea
5. Turkey
6. Hong Kong
7. Vietnam
8. Russia
9. Azerbaijan

Top Attacked Industries

Telecommunications was the most attacked industry, followed by Internet and Information Technology Services. Gaming and Gambling were the third and fourth most attacked industries, followed by Banking/Financial and Retail industries.

1. Telecommunications
2. Internet
3. Information Technology and Services
4. Gaming
5. Gambling and Casinos
6. Banking and financial Services
7. Retail
8. Agriculture
9. Computer Software
10. Government

Top Country-Level Sources Of DDOS Attacks

Cloudflare’s data shows that Ukraine is the fifth‑largest source of DDoS attacks, but doesn’t say which areas of Ukraine are responsible. When I look at my logs of bot attacks, the Ukrainian‑origin bots are consistently in Russian‑occupied territories. Cloudflare should have made a distinction about this point, in my opinion.

The country of origin doesn’t mean that one country is shiftier than another. For example, the Netherlands rank as the ninth‑largest source of DDoS attacks, and that may be the case because they have strong user privacy laws that protect VPN users and are well positioned for low latency to both Europe and North America.

Cloudflare also provide the following note about country-level origins:

“It’s important to note that these “source” rankings reflect where botnet nodes, proxy or VPN endpoints reside — not the actual location of threat actors. For L3/4 DDoS attacks, where IP spoofing is rampant, we geolocate each packet to the Cloudflare data center that first ingested and blocked it, drawing on our presence in over 330 cities for truly granular accuracy.”

Top Ten Country Origins Of DDOS Attacks

1. Indonesia
2. Singapore
3. Hong Kong
4. Argentina
5. Ukraine
6. Russia
7. Ecuador
8. Vietnam
9. Netherlands
10. Thailand

Top ASN Sources Of DDOS Attacks

An ASN (Autonomous System Number) is a unique number assigned to networks or groups of networks that share the same rules for routing internet traffic. SEOs and publishers who track the origin of bad traffic and use .htaccess to block millions of IP ranges will recognize a number of the networks on this list. Hetzner, OVH, Tencent, Microsoft, the Google Cloud Platform, and Alibaba are all usual suspects.

According to Cloudflare, Hetzner dropped from first place as the origin of DDoS attacks to third place. DigitalOcean was formerly the number one source of DDoS attacks and was pushed down to position two by Drei‑K‑Tech‑GmbH, which jumped six places to become the leading source of DDoS attacks.

Top Ten Network Sources Of DDOS Attacks

1. Drei-K-Tech-GmbH
2. DigitalOcean
3. Hetzner
4. Microsoft
5. Viettel
6. Tencent
7. OVH
8. Chinanet
9. Google Cloud Platform
10. Alibaba

DDOS Attacks Could Be Better Mitigated

Cloudflare noted that it has a program that allows cloud computing providers to rapidly respond to bad actors abusing its networks. It’s not just DDoS attacks that originate at cloud and web hosting providers; it’s also bots scanning for vulnerabilities and actively trying to hack websites. If more providers joined Cloudflare, there could be fewer DDoS attacks, and the web would be a lot safer place.

This is how Cloudflare explains it:

“To help hosting providers, cloud computing providers and any Internet service providers identify and take down the abusive accounts that launch these attacks, we leverage Cloudflare’s unique vantage point to provide a free DDoS Botnet Threat Feed for Service Providers. Over 600 organizations worldwide have already signed up for this feed, and we’ve already seen great collaboration across the community to take down botnet nodes.”

Read the Cloudflare report:

Hyper-volumetric DDoS attacks skyrocket: Cloudflare’s 2025 Q2 DDoS threat report