The DDoS War: Competitors Blamed for 63% of Attacks in Shocking Cloudflare Report
New Data Reveals Crypto, Gambling, and Gaming Industries Are Ground Zero for Targeted Cyber Assaults
3 min readHighlights
- Competitors Drive Attacks: 63% of identified DDoS attacks are competitor-driven, heavily impacting crypto, gambling, and gaming.
- Global Hotspots Shift: China now leads as the most attacked country, with surprising jumps for Brazil and Vietnam.
- Collaboration is Key: Cloudflare’s threat feed aims to empower service providers to shut down abusive networks.
Image source : Designed by Martech Scholars using Canva Pro_Global DDoS attack hotspots visualized from Cloudflare’s 2025 threat report.
The Silent War: Businesses Unleash DDoS Attacks on Rivals, Cloudflare Reveals
In a surprising turn of events, Cloudflare’s 2025 Q2 DDoS Threat Report has pulled back the curtain on a murky side of business competition: Distributed Denial of Service (DDoS) attacks. The report, drawing from a comprehensive survey of customers, reveals that a staggering 63% of all customer-identified DDoS attacks are attributed directly to business rivals. This isn’t just about technical vulnerabilities; it’s about competitive sabotage in the digital age.
The findings send a clear message, particularly to the burgeoning crypto, gambling, and gaming industries, which were cited as the most frequent targets of these competitor-initiated assaults. While 71% of respondents admitted they couldn’t identify their attackers, the 29% who could painted a stark picture of deliberate disruption. Beyond competitive rivalry, the report also highlighted the persistent threat of state-sponsored attacks (21%) and even accidental self-inflicted DDoS incidents (5%) due to server misconfigurations.
Shifting Battlegrounds: Who’s Under Fire?
Traditionally, one might assume the United States, with its vast digital infrastructure, would be the primary target. However, Cloudflare’s data shows a significant geographical shift. China has dramatically climbed from third to first place as the most DDoS-attacked location. Brazil also saw a notable surge, moving up four positions to second place, while Vietnam made an impressive fifteen-place leap to secure eighth. Countries like Turkey and Hong Kong, conversely, saw their attack rankings drop.
When it comes to industries, telecommunications faced the brunt of the attacks, followed closely by Internet and Information Technology Services. The highly competitive Gaming and Gambling sectors rounded out the top four, underscoring the report’s emphasis on competitor-driven attacks. Banking/Financial and Retail also remained significant targets.
Tracing the Origins: A Global Web of Threats
Pinpointing the true origin of a DDoS attack is complex, as malicious actors often route traffic through proxies or compromised devices. Cloudflare’s data on “country-level sources” reflects where botnet nodes or VPN endpoints reside, not necessarily the attacker’s physical location. Despite this, Indonesia, Singapore, and Hong Kong emerged as the top three sources of DDoS attacks, with Ukraine surprisingly ranking fifth. Cloudflare also noted that countries with strong privacy laws, like the Netherlands (ninth-largest source), might appear higher on the list due to the prevalence of VPN usage within their borders.
The report further drilled down into the Autonomous System Numbers (ASNs) – unique identifiers for networks – that are common sources of these attacks. Familiar names in cloud hosting and internet services like Drei-K-Tech-GmbH (now the leading source, jumping six places), DigitalOcean, Hetzner, Microsoft, and Google Cloud Platform were all identified as significant origin points. This highlights a critical challenge: malicious actors often abuse legitimate cloud infrastructure to launch their attacks.
Towards a Safer Digital Future: The Path to Mitigation
Cloudflare isn’t just reporting on the problem; they’re actively working on solutions. The company emphasized its “DDoS Botnet Threat Feed for Service Providers,” a free program designed to help cloud computing and hosting providers identify and neutralize abusive accounts on their networks. With over 600 organizations already signed up, this collaborative effort is proving crucial in dismantling botnets and making the internet a safer place for everyone.
The report serves as a stark reminder that DDoS attacks are an ever-evolving threat, increasingly driven by business rivalries and leveraging sophisticated infrastructure. Effective mitigation demands not just advanced technology, but also unprecedented collaboration among service providers to cut off the oxygen supply to these pervasive digital assaults.
