In its latest quarterly update, Cloudflare has revealed that a significant number of DDoS (Distributed Denial of Service) attacks are being initiated by business rivals. According to its 2025 Q2 DDoS Threat Report, 63% of the surveyed customers who said they could identify their attacker believed a competitor within their industry was responsible.
Interestingly, the report also highlights that around 5% of these disruptions were actually self-inflicted, often due to internal testing gone wrong or misconfigurations. The findings are based on survey responses from affected users who were able to pinpoint the likely source of their attacks.
Cloudflare’s report further outlines the ten most common origins of DDoS threats, underlining the growing concern that competitive sabotage is becoming a major tactic in the digital business landscape.
Survey: Who Attacked You?
Cloudflare’s latest DDoS Threat Report for Q2 2025 sheds light on who may be behind the rising number of cyberattacks. The company surveyed its customers and found that while most couldn’t identify the source of the attacks, a notable portion had their suspicions.
Out of all respondents, 29% claimed they were able to pinpoint who was responsible for the DDoS attacks they experienced. Of those, the majority—63%—believed their competitors were to blame. This trend was most evident in industries such as crypto, gambling, and gaming, where competition is particularly fierce.
Meanwhile, 21% of those who identified the source of the attack pointed the finger at state-sponsored actors. A smaller number, around 5%, said the attacks were self-inflicted, usually due to server misconfigurations or errors made during internal testing.
Cloudflare also reported that another 5% of these identified attacks were carried out by extortionists or came from disgruntled users or customers. However, 71% of all those surveyed admitted they didn’t know who was behind the attacks, highlighting how difficult it can be to trace these incidents with certainty.
These insights from Cloudflare underline the complex and sometimes surprising nature of DDoS threats today, especially when attacks are coming from both expected and unexpected sources.
Most Attacked Locations
It might seem logical to assume that the United States, with its vast number of businesses and websites, would be the top target for DDoS attacks. However, recent data shows that this isn’t the case. China has now taken the lead as the most attacked country, climbing from third to first position.
Brazil has also seen a significant rise in attack volume, jumping four spots to take second place. In contrast, Turkey experienced a drop of four places, now sitting at sixth in the rankings. Hong Kong also slipped down the list, moving into seventh place.
Perhaps most notable is Vietnam, which saw the largest movement in the rankings. It surged up fifteen places to land in eighth position, highlighting a sharp increase in cyber threats directed at the country.
Here’s the current top ten list of the most DDoS-targeted countries:
- China
- Brazil
- Germany
- India
- South Korea
- Turkey
- Hong Kong
- Vietnam
- Russia
- Azerbaijan
Top Attacked Industries
The telecommunications sector faced the highest number of DDoS attacks during the recent reporting period, putting it at the top of the list of targeted industries. This was closely followed by businesses in the internet and IT services space, which also experienced a significant share of cyber threats.
Gaming and gambling industries weren’t far behind, ranking third and fourth respectively. These sectors have increasingly become targets due to their high online activity and potential for disruption.
Other industries that saw a considerable number of attacks included banking and financial services, as well as retail businesses. Both are often targeted for their sensitive customer data and transaction-heavy platforms.
Interestingly, sectors such as agriculture, computer software, and even government institutions also made the list of most-attacked industries, showing that no area is completely safe from the growing threat of DDoS attacks.
Here’s a summary of the top ten most targeted industries:
- Telecommunications
- Internet
- Information Technology and Services
- Gaming
- Gambling and Casinos
- Banking and Financial Services
- Retail
- Agriculture
- Computer Software
- Government
Top Country-Level Sources Of DDoS Attacks
According to Cloudflare’s latest data, Ukraine ranks as the fifth-largest source of DDoS attacks globally. However, the report does not clarify which regions within Ukraine are responsible. Based on personal analysis of bot attack logs, many of the attacks traced back to Ukraine appear to come from areas currently under Russian occupation. This distinction could have been helpful for Cloudflare to include in their findings.
It’s important to understand that being listed as a source of attacks doesn’t necessarily reflect negatively on a country itself. For instance, the Netherlands appears ninth on the list of top sources for DDoS attacks. This may be due to the country’s robust privacy laws that favour VPN use, as well as its excellent connectivity to both Europe and North America, which makes it an attractive location for botnet operators.
Cloudflare addressed the country-of-origin topic by highlighting that these rankings are based on where botnet nodes, VPN endpoints, or proxies are located — not where the attackers themselves are. In many cases, especially with Layer 3 and 4 DDoS attacks that often use spoofed IPs, the geographical data reflects where the malicious traffic first entered Cloudflare’s global network. With data centres in over 330 cities, they are able to provide highly detailed and location-specific insights.
Here are the current top ten countries identified as the origin points of DDoS attacks:
- Indonesia
- Singapore
- Hong Kong
- Argentina
- Ukraine
- Russia
- Ecuador
- Vietnam
- Netherlands
- Thailand
Top ASN Sources Of DDoS Attacks
An Autonomous System Number (ASN) is a unique identifier assigned to a network or group of networks that follow the same routing policies when handling internet traffic. For many SEOs and website publishers who regularly monitor where harmful or suspicious traffic comes from, ASNs can be a familiar tool. They often use .htaccess files to block wide ranges of IP addresses linked to these networks.
Several well-known providers consistently appear on these lists due to the volume of malicious traffic associated with them. Names like Hetzner, OVH, Tencent, Microsoft, Google Cloud Platform, and Alibaba have long been recognised as common sources of problematic activity.
In Cloudflare’s latest analysis, there has been some movement among the top ASN sources of DDoS attacks. Hetzner, previously the number one offender, has now dropped to third place. DigitalOcean, which once held the top spot, has also been overtaken and now sits at number two.
The current leader is Drei-K-Tech-GmbH, which jumped six places to become the largest source of DDoS attacks according to Cloudflare’s findings. This sudden rise could suggest a spike in botnet activity or vulnerabilities being exploited within that network.
Below are the ten most common network sources of DDoS attacks based on Cloudflare’s recent data:
- Drei-K-Tech-GmbH
- DigitalOcean
- Hetzner
- Microsoft
- Viettel
- Tencent
- OVH
- Chinanet
- Google Cloud Platform
- Alibaba
These networks are not necessarily responsible for the attacks themselves, but they are where the traffic originates — often due to compromised servers or devices being hijacked to participate in large-scale attacks.
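The ASN-based .htaccess blocking described in this section, sketched as an added example that is not taken from Cloudflare's report or from the original article: it collapses an ASN's prefixes into the smallest rule set, carves out ranges that must stay reachable, and emits Apache 2.4 rules. The prefixes, the allowlist, the AS64500 label and the function names are constructed placeholders.

```python
import ipaddress

# Constructed sample data: documentation-range prefixes standing in for the
# prefixes announced by one ASN (a real list would come from routing data).
ASN_PREFIXES = [
    "198.51.100.0/25",
    "198.51.100.128/25",  # adjacent to the line above, merges into a /24
    "203.0.113.0/24",
    "203.0.113.64/26",    # already covered by the /24 above
    "2001:db8:100::/48",
]
# Constructed allowlist: a range inside that ASN that must stay reachable,
# for example an uptime monitor hosted on the same cloud provider.
ALLOWLIST = ["203.0.113.32/27"]


def build_blocklist(prefixes, allowlist=()):
    """Collapse prefixes to a minimal set, then carve out allowlisted ranges."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    result = []
    for version in (4, 6):  # IPv4 and IPv6 cannot be collapsed together
        blocked = list(ipaddress.collapse_addresses(
            n for n in nets if n.version == version))
        for keep in (a for a in allowed if a.version == version):
            carved = []
            for net in blocked:
                if keep.subnet_of(net):
                    # Split net into the pieces that do not contain `keep`.
                    carved.extend(net.address_exclude(keep))
                elif not net.subnet_of(keep):  # nets inside `keep` are dropped
                    carved.append(net)
            blocked = carved
        result.extend(sorted(blocked))
    return result


def render_htaccess(networks, label):
    """Emit Apache 2.4 (mod_authz_core) rules that deny the given networks."""
    lines = [f"# Block list for {label}", "<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in networks]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_htaccess(build_blocklist(ASN_PREFIXES, ALLOWLIST), "AS64500 (placeholder)"))
```

Because the large cloud networks in the list above also host legitimate services, the allowlist step is what keeps a broad ASN block from cutting off traffic the site depends on.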
DDoS Attacks Could Be Better Mitigated
Cloudflare has introduced a dedicated programme aimed at helping cloud computing providers quickly tackle malicious activity on their networks. The issue isn’t limited to DDoS attacks alone — many threats also come from bots that scan websites for weaknesses or attempt to gain unauthorised access.
These malicious actions often stem from compromised accounts hosted on cloud platforms and web hosting services. If more providers partnered with Cloudflare in addressing these threats, the number of attacks could potentially decrease, making the internet a safer space for everyone.
To support this effort, Cloudflare offers what it calls the DDoS Botnet Threat Feed for Service Providers. This feed is designed to help internet service providers, hosting companies, and cloud platforms detect and shut down abusive accounts being used to launch attacks.
As Cloudflare explains it:
“To help hosting providers, cloud computing providers and any Internet service providers identify and take down the abusive accounts that launch these attacks, we leverage Cloudflare’s unique vantage point to provide a free DDoS Botnet Threat Feed for Service Providers. Over 600 organizations worldwide have already signed up for this feed, and we’ve already seen great collaboration across the community to take down botnet nodes.”
So far, more than 600 organisations globally have joined this initiative, showing promising cooperation in tackling botnet-related threats. With continued collaboration, the web could become a far more secure environment.