UK DDoS attacks surge as botnet blitzes break records

Regulation Reporter

Cloudflare reports 47.1 million DDoS attacks in 2025, with UK jumping to 6th most targeted nation as botnet "The Night Before Christmas" unleashed 31.4 Tbps traffic flood.

The UK has become the world's sixth-most targeted location for distributed denial-of-service (DDoS) attacks, leaping 36 places in global rankings as cybercriminals unleashed record-breaking traffic floods during the final quarter of 2025.

According to Cloudflare's latest DDoS threat report, the company mitigated 47.1 million DDoS attacks throughout 2025 - more than double the previous year's total. The final quarter alone saw a 31 percent increase from the prior quarter and a 58 percent jump compared to Q4 2024.

The most significant attack came from a botnet dubbed "The Night Before Christmas," which peaked at 31.4 terabits per second on December 19. This botnet, named Aisuru-Kimwolf, primarily consists of malware-infected Android TVs and targeted both Cloudflare customers and the company's own infrastructure simultaneously.

"As the number of attacks increased over the course of 2025, the size of the attacks increased as well, growing by over 700 percent compared to the large attacks seen in late 2024," Cloudflare stated in its report.

The attack patterns have evolved significantly. Rather than sustained long-duration floods, attackers are increasingly deploying "smash-and-dash" tactics - short, intense bursts that can conclude in under two minutes while still pushing traffic into billions of packets per second. This shift makes detection and mitigation more challenging, as the sheer speed has become the primary weapon.

Cloudflare attributes much of the surge to large botnets built from compromised internet-connected devices. The company identified routers, cameras, DVRs, and particularly Android TVs as common infection targets. Attackers are also increasingly abusing cloud-hosted virtual machines to generate large bursts of traffic, allowing them to scale attacks quickly and efficiently.

While China, Hong Kong, Germany, Brazil, and the United States remained among the most frequently targeted regions, the UK's sudden rise to sixth place is particularly noteworthy. Cloudflare doesn't attribute this to any single campaign, though the country sits in the crosshairs of several well-known DDoS actors.

Financial services remain a favorite target for attackers, and geopolitical tensions are adding fresh fuel to the fire. Pro-Russian hacktivist groups like NoName057(16) have repeatedly claimed responsibility for attacks on UK government and public sector websites. Britain's dense telecoms and cloud infrastructure also make it a high-impact disruption target.

The sectors most frequently targeted include telecom providers, IT service firms, and gambling and gaming sites - industries where outages tend to trigger both lost revenue and loud customer complaints. Most attacks continue to target the lower layers of the internet, with Layer 3 and Layer 4 attacks leading the charge.

To combat these evolving threats, Cloudflare emphasizes the need for autonomous systems that can detect and block massive, short-lived attacks in real time without human intervention. "When traffic surges to record levels and then vanishes within a couple of minutes, humans will never react quickly enough," the company noted.

The rise in DDoS attacks reflects a broader trend in cybercrime, where attackers are becoming more sophisticated in their methods while leveraging increasingly powerful botnets. As more devices become connected to the internet, the potential attack surface continues to expand, creating new challenges for cybersecurity professionals and organizations worldwide.

For UK businesses, the message is clear: DDoS protection is no longer optional. With the country now ranking among the top targets globally, organizations across all sectors need to implement robust mitigation strategies and ensure their defenses can handle both the volume and velocity of modern DDoS attacks.
