The latest Cloudflare DDoS Threat Report reveals a staggering increase in Distributed Denial of Service (DDoS) attacks, with a 358% year-over-year rise in the Asia Pacific (APAC) region. In the first quarter of 2025 alone, Cloudflare mitigated over 20.5 million DDoS attacks, a figure that highlights the growing sophistication and frequency of these cyber threats.
Statistics
Out of the 20.5 million attacks blocked, approximately 6.6 million were directed at Cloudflare’s network infrastructure, occurring during an 18-day multi-vector attack campaign.
The report noted that APAC experienced a significant portion of these assaults, with network-layer DDoS attacks constituting the majority at 16.8 million, representing a 509% increase compared to the same period last year.
The report also documented around 700 hyper-volumetric DDoS attacks that exceeded 1 terabit per second (Tbps). These massive assaults often last only seconds but can cause extensive disruption, particularly for businesses reliant on continuous online operations.
Targeted industries and countries
The travel and telecommunications sectors were among the most affected, with DDoS attacks frequently targeting service providers and infrastructure.
In APAC, Hong Kong emerged as a focal point for these attacks, climbing to the top of the list of attack sources, followed closely by Indonesia. The concentration of attacks in these regions can be attributed to their significant digital infrastructures and roles as financial hubs.
This surge in attacks brings to light the vulnerabilities that businesses in APAC face, particularly as they continue to embrace digital transformation. The gaming and financial sectors are also notable targets, indicating that attackers are increasingly leveraging DDoS tactics to disrupt operations and extort businesses.
Emerging threats and tactics
The report highlights a worrying trend in the emergence of new attack vectors, particularly CLDAP reflection and amplification attacks, which saw a dramatic increase of 3,488% quarter-over-quarter. These attacks exploit misconfigured servers to overwhelm targets with traffic, demonstrating the evolving tactics used by cybercriminals.
Many organisations in APAC remain ill-prepared for such attacks, often implementing DDoS protection only after experiencing incidents. This reactive approach can lead to significant downtime and financial losses, underscoring the importance of proactive security measures.
What now?
dscape continues to evolve, the findings from Cloudflare’s Q1 report serve as a wake-up call for organisations across Asia Pacific. The increase in DDoS attacks, particularly in sectors vital to the region's economy, highlights the urgent need for enhanced security measures.
Businesses must adopt comprehensive, always-on solutions to mitigate risks and ensure resilience against the growing tide of cyber threats.