Every second, millions of data packets travel across the invisible highways of the Internet. While people enjoy content, shop online, or work remotely, an ongoing battle rages against threats that aim to bring everything crashing down. One of the most devastating attacks are DDoS attacks, capable of paralyzing websites, banking services, and critical infrastructure within minutes.
Internet services giant Cloudflare has been one of the main shields in this fight. According to its DDoS Report for the first quarter of 2025, the company managed to mitigate a record-breaking 21.3 million DDoS attacks during 2024, reflecting a 358% year-over-year increase and a 198% quarter-over-quarter jump. However, the landscape in 2025 looks even more challenging: in just the first three months of the year, Cloudflare has already responded to 20.5 million attacks, nearly matching the total number from the previous year in record time.
Perhaps most alarming is that not even Cloudflare is immune: its own infrastructure was targeted by 6.6 million attacks in a multivector campaign that lasted 18 days. This year, Cloudflare hasn’t just set a historic milestone in threat mitigation; it has also made it clear that the cybersecurity landscape is evolving at breakneck speed.
Attacks Targeting Cloudflare's Network
Cloudflare explained that out of the 20.5 million DDoS attacks it detected, around 16.8 million specifically targeted the network layer. Of those, 6.6 million were direct attacks against Cloudflare’s own network infrastructure.
All of this was part of a multivector DDoS campaign that stretched over 18 consecutive days, using a mix of techniques — from SYN floods to attacks generated by the Mirai malware, and amplification attacks using SSDP, among others.
What raised the most concern was the sharp spike in network-layer attacks, which soared by 509% compared to the previous year. A massive jump that made it clear attackers have no plans of slowing down anytime soon.
Total Number of DDoS Attacks (Source: Cloudflare)
On the other hand, hyper-volumetric attacks kept coming full force. Cloudflare recorded over 700 attacks that hit mind-blowing speeds — we’re talking about over 1 terabit per second or one billion packets sent every second. Pretty intense.
During the first quarter of the year, these types of attacks were so frequent that they averaged around eight hyper-volumetric attacks per day, and compared to the previous quarter, the number almost doubled.
But that wasn't all. Cloudflare also spotted two new emerging threats that started to gain traction: CLDAP attacks and ESP reflection/amplification attacks.
CLDAP attacks (a faster but less secure variant of the LDAP protocol) skyrocketed, growing 3,488% in just three months. The key? They use UDP instead of TCP, which lets attackers skip the handshake process and spoof IP addresses, redirecting massive amounts of traffic to their victims.
Meanwhile, ESP-based attacks also exploded, showing a 2,301% increase over the quarter. These attacks typically exploit misconfigurations or vulnerabilities in exposed systems that should have been much better secured.
Tendencias de ataques observadas para el primer trimestre de 2025 (Fuente: Cloudflare)
Read more: Critical Flaw Exposes 6,000 Servers in Mexico
One of the most striking attacks highlighted in Cloudflare's report for the first quarter of 2025 targeted a U.S.-based hosting provider specializing in multiplayer gaming servers for titles like Counter-Strike GO, Team Fortress 2, and Half-Life 2: Deathmatch.
And it wasn't just any attack — it came in multiple waves and specifically targeted port 27015, a port well-known in the gaming world because it must stay open for both UDP and TCP connections. Clearly, the attackers knew exactly what they were doing: they wanted to take down gaming services and disrupt thousands of players.
And it wasn't a small-scale incident either. It was a hyper-volumetric attack that peaked at 1.5 billion packets per second. Even so, Cloudflare managed to mitigate it before it could cause any serious damage.
It's no coincidence that gaming servers are a favorite target for DDoS attacks. A successful disruption doesn't just ruin live matches — it can seriously impact game publishers and entire gaming communities.
And as if that wasn't enough, Cloudflare CEO Matthew Prince dropped a bombshell on X (formerly Twitter) last week: the company had just mitigated a record-breaking DDoS attack that peaked at 5.8 terabits per second and lasted about 45 seconds.
To put it in perspective: the previous record, also reported by Cloudflare, was a 5.6 Tbps attack launched by a Mirai-based botnet made up of around 13,000 infected devices.
This latest attack, according to Prince, appeared to be a test run — a way for the attackers to measure the strength of their new DDoS "cannon." And if that wasn’t enough, he hinted that there was an even bigger attack on the same day, promising to share more details soon.