The DDoS Arms Race: How 2025 Became the Year of Record-Breaking Cyber Assaults

Executive Summary

In September 2025, Cloudflare mitigated an 11.5 terabits per second (Tbps) distributed denial-of-service (DDoS) attack—a record that stood for just three weeks before being shattered by a 22.2 Tbps assault. These unprecedented attacks represent the culmination of a multi-year escalation that has seen volumetric DDoS attacks grow from 1-2 Tbps in 2020 to over 20 Tbps in 2025. This analysis examines the record-breaking attacks of 2025, the technology enabling them, the defenders fighting back, and what organizations must do to survive in an era where billion-packet-per-second attacks have become routine.

When Cloudflare Sneezes, Half the Internet Catches a Cold: The November 2025 Outage and the Critical Need for Third-Party Risk Management

Executive Summary On the morning of November 18, 2025, a configuration error at Cloudflare triggered a cascading failure that rendered significant portions of the internet inaccessible for several hours. ChatGPT, X (formerly Twitter), Spotify, League of Legends, and countless other services went dark, exposing an uncomfortable truth: our modern digital

Breached CompanyBreached Company

The September Record: 11.5 Tbps in 35 Seconds

The Attack That Redefined "Hyper-Volumetric"

On September 2, 2025 (Labor Day weekend in the United States), Cloudflare detected and autonomously mitigated what was then the largest DDoS attack ever recorded. The assault peaked at 11.5 terabits per second and 5.1 billion packets per second, lasting approximately 35 seconds before Cloudflare's automated defenses neutralized it.

The attack targeted an unnamed hosting provider customer and came during a period of elevated activity. As Cloudflare noted in their disclosure: "Over the past few weeks, we've autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps."

Attack Profile

Key Characteristics:

• Peak Volume: 11.5 Tbps / 5.1 billion packets per second
• Duration: Approximately 35 seconds
• Attack Type: UDP flood
• Attack Sources: Combination of compromised IoT devices and cloud infrastructure (initially reported as primarily Google Cloud, later clarified to include multiple cloud and IoT providers)
• Target: Hosting provider (unnamed)
• Mitigation Time: Automated detection and mitigation within seconds

The Cloud Exploitation Problem

Initial reports suggested the attack primarily originated from Google Cloud Platform, raising alarm bells about the exploitation of legitimate cloud infrastructure for DDoS attacks. Cloudflare later clarified that while GCP was one source, the attack actually came from "a combination of several IoT and cloud providers."

This distinction is important but doesn't diminish the core problem: attackers are increasingly leveraging the unlimited bandwidth and global infrastructure of major cloud platforms to launch devastating assaults. As one security researcher noted: "Attackers exploit cloud platforms because they offer unlimited bandwidth through pay-as-you-go models, global infrastructure for distributed attacks, and legitimate traffic appearance that may bypass security filters."

The Arms Race Against Digital Tsunamis: How Microsoft, Google, and Amazon Are Stopping Record-Breaking DDoS Attacks in 2025

On October 24, 2025, a digital tsunami slammed into Microsoft Azure’s Australian endpoint. 15.72 terabits per second (Tbps) of malicious traffic—equivalent to streaming 3.5 million Netflix movies simultaneously—flooded the network from over 500,000 compromised IP addresses. The attack peaked at 3.64 billion packets per

Hacker Noob TipsHacker Noob Tips

The AISURU Botnet Connection

Chinese cybersecurity firm Qi'anxin's XLab research division attributed the 11.5 Tbps attack to the AISURU botnet, a sophisticated malware operation that had infected more than 300,000 devices worldwide. The botnet saw a sudden surge in April 2025 after compromising a Totolink router firmware update server, allowing mass infection of devices checking for updates.

AISURU targets multiple device types:

• IP cameras and DVRs/NVRs
• Realtek-based devices
• Routers from T-Mobile, Zyxel, D-Link, Linksys, and Totolink
• Network video recorders and other IoT devices

The AISURU malware establishes encrypted connections to command-and-control servers and can be commanded to scan the internet for additional vulnerable devices, creating a self-propagating infection cycle.

Three Weeks Later: The 22.2 Tbps Behemoth

Doubling the Record

On September 23, 2025—just 21 days after the 11.5 Tbps attack—Cloudflare revealed they had mitigated an even more massive assault: 22.2 terabits per second and 10.6 billion packets per second. The attack lasted 40 seconds and nearly doubled the previous record.

Comparison of September 2025 Records:

To put these numbers in perspective: The 22.2 Tbps attack transferred approximately 110 terabytes of data in 40 seconds. That's equivalent to:

• Streaming 27,500 full-length HD movies simultaneously
• Uploading 22 million high-resolution photos
• 22,000 hours of 4K video streaming compressed into 40 seconds

Attack Methodology Evolution

While Cloudflare hasn't released comprehensive technical details on the 22.2 Tbps attack, the rapid escalation suggests several concerning trends:

Botnet Scale and Coordination: Launching a 22 Tbps attack requires coordinating hundreds of thousands of compromised devices with high-bandwidth connections. The doubling of attack size in three weeks suggests either a massive new botnet came online or existing botnets consolidated their operations.

Amplification Techniques: UDP-based attacks can leverage amplification, where a small request generates a much larger response. Attackers may have refined these techniques to achieve higher amplification ratios.

Cloud Resource Abuse: The continued exploitation of cloud infrastructure suggests attackers have developed more sophisticated methods for compromising or abusing cloud instances at scale.

The Year of Escalation: 2025 DDoS Trends

By the Numbers

The attacks in September represented the culmination of a year-long escalation:

Q1 2025:

• Cloudflare blocked 20.5 million DDoS attacks (358% year-over-year increase)
• 96% of all attacks blocked in the entire year of 2024

Q2 2025:

• Cloudflare blocked 7.3 million DDoS attacks
• Over 6,500 hyper-volumetric attacks (averaging 71 per day)
• Record 7.3 Tbps attack in May/June 2025 (37.4 TB in 45 seconds)

First Half 2025:

• 27.8 million total DDoS attacks blocked
• Already exceeded all of 2024's total (21.3 million)
• HTTP-based DDoS attacks increased 129% year-over-year

The Path to 22 Tbps: Recent Record Progression

The journey to today's massive attacks shows steady escalation:

• October 2024: 3.8 Tbps attack sets new record
• May 2025: 7.3 Tbps attack doubles the 2024 record
• September 2, 2025: 11.5 Tbps attack (+57% over May)
• September 23, 2025: 22.2 Tbps attack (+93% over September 2)

This represents a 483% increase in peak attack size in just 11 months—from 3.8 Tbps to 22.2 Tbps.

Akamai's Defense Operations: A Different Battlefield

While Cloudflare battles hyper-volumetric attacks measured in terabits, Akamai faces a different but equally concerning threat landscape characterized by duration and sophistication.

The 419 TB Attack: Volume Through Persistence

In July 2024, Akamai prevented one of its largest-ever DDoS attacks against a major Israeli financial institution. While the peak bandwidth (exact figures not disclosed but described as "highly sophisticated") was lower than Cloudflare's records, the attack's duration was extraordinary: nearly 24 hours of sustained assault.

Key Metrics:

• Total Data: 419 terabytes blocked
• Duration: ~24 hours
• Targets: 278+ IP addresses simultaneously
• Attack Vectors: UDP flood, UDP fragmentation, DNS reflection, PSH+ACK floods, and others
• Geographic Distribution: Global botnet with no single scrubbing center handling more than 100 Gbps

The attack represents a different strategic approach: rather than overwhelming defenses with short bursts of massive traffic, attackers sustained high volume over extended periods, testing defender endurance and potentially exhausting automated mitigation budgets.

Akamai's 2025 Observations

Akamai's threat intelligence reveals troubling trends:

Horizontal Attacks: Attackers increasingly target multiple IP addresses and services simultaneously (HTTP, DNS, IPSEC, SD-WAN, SIEM interfaces, FTPS, TCP, UDP) to find weak points before concentrating fire.

AI-Enabled Reconnaissance: The wide availability of AI tools allows attackers to "cast a wide net, systematically check for defense vulnerabilities, identify weak points, and then pool resources to go after the weakest link."

Duration Over Volume: While headline-grabbing terabit attacks get attention, Akamai notes that "smaller but more persistent floods, application-layer disruptions, and multi-vector campaigns can be just as damaging—or more—if they slip past detection."

Layer 7 Surge: Application-layer (HTTP) attacks increased significantly in late 2024 and 2025, particularly targeting financial services and critical infrastructure in North America, Europe, and Asia-Pacific.

The European Battleground

On July 21, 2022, Akamai mitigated the largest DDoS attack against a European customer on their Prolexic platform: 853.7 Gbps and 659.6 Mpps over 14 hours. The victim, an Eastern European customer, had been targeted 75 times in the previous 30 days with attacks using UDP floods, UDP fragmentation, ICMP floods, RESET floods, SYN floods, TCP anomalies, and more.

This attack highlighted how geopolitical conflicts drive sustained DDoS campaigns. European organizations, particularly in Eastern Europe, face not just one-off attacks but coordinated campaigns spanning weeks or months.

U.S. Financial Sector Under Siege

In September 2023, Akamai prevented the largest DDoS attack against a U.S. financial institution: 633.7 Gbps and 55.1 million packets per second. The attack lasted less than two minutes but targeted the bank's primary web landing page in an attempt to disrupt online banking.

The financial sector faces unique DDoS risks:

• Attacks often serve as smokescreens for other malicious activity
• Direct revenue impact from service outages
• Regulatory implications of service availability failures
• Connection to triple extortion ransomware campaigns

The Technology Behind the Madness: How 22 Tbps Is Even Possible

The Perfect Storm of Infrastructure

Achieving 22 Tbps attack volumes requires a convergence of several factors:

1. IoT Device Proliferation

Billions of insecure IoT devices provide the raw computational power:

• Home routers with gigabit connections
• IP cameras and DVRs with always-on connections
• Smart home devices with minimal security
• Network video recorders in businesses
• Compromised cloud instances in data centers

2. Bandwidth Availability

Modern internet connections enable massive attacks:

• Residential gigabit fiber connections (1 Gbps per device)
• 10 Gbps cloud instances readily available
• 100 Gbps+ connections in data centers
• Compromised hosting providers with terabit-scale bandwidth

3. Protocol Exploitation

UDP flood attacks remain devastatingly effective:

• No connection handshake required (unlike TCP)
• Spoofed source addresses hide attacker origin
• Amplification via reflection (DNS, NTP, SSDP)
• Fragments bypass simple filtering

4. Botnet Infrastructure

Sophisticated command and control:

• Encrypted C2 communications (harder to detect/disrupt)
• Distributed C2 architecture (no single point of failure)
• Automated victim scanning and infection
• Pay-per-use DDoS-for-hire services

5. Cloud Platform Abuse

Legitimate infrastructure turned weapon:

• Stolen cloud credentials
• Compromised cloud instances
• Abuse of free trial accounts
• Pay-as-you-go attack infrastructure

The Math of Massive DDoS

To understand what 22.2 Tbps means in practical terms:

If using compromised residential connections at 1 Gbps each:

• Requires: 22,200 devices attacking simultaneously
• Reality: Need 3-5x more due to connection variability
• Estimate: 70,000-110,000 compromised devices

If using compromised cloud instances at 10 Gbps each:

• Requires: 2,220 instances
• Cost (if paying): $22,000-$44,000 per hour in cloud fees
• Reality: Attackers use stolen/compromised instances

Data transfer in 40 seconds:

• 110,000,000,000,000 bytes (110 terabytes)
• 880,000,000,000,000 bits
• 2,750,000,000 bits per millisecond

Defense at Scale: How Cloudflare and Akamai Survive

Cloudflare's Global Network

Cloudflare's ability to mitigate 22 Tbps attacks relies on several key capabilities:

1. Anycast Network

• 330+ data centers in 120+ countries
• Traffic automatically routed to nearest location
• Attack traffic distributed across entire network
• No single point becomes overwhelmed

2. Capacity Advantage

• Network capacity exceeds attack volumes
• Can absorb terabit-scale attacks without degradation
• Legitimate traffic continues flowing to non-affected IPs

3. Automated Detection and Mitigation

• Machine learning identifies attack patterns in seconds
• No human intervention required for initial response
• Can respond faster than attacks escalate (critical for 35-40 second attacks)

4. Multi-Layer Filtering

• Rate limiting based on source characteristics
• Geo-blocking when attacks originate from specific regions
• Protocol-specific filtering (TCP vs UDP)
• Application-layer intelligence for L7 attacks

Akamai's Approach: People, Process, Technology

Akamai emphasizes the combination of:

Technology:

• Global scrubbing centers
• Prolexic platform for attack mitigation
• Integration with Akamai's massive CDN infrastructure

People:

• 225+ frontline responders across 6 global locations
• Decades of expertise in sophisticated attacks
• 24/7/365 security operations centers

Process:

• Optimized DDoS incident response plans
• Custom runbooks for each customer
• Service validation procedures
• Operational readiness drills

Akamai's philosophy: "DDoS defense cannot truly be measured by dropped packets, but by user experience. The real questions are simple: did web pages stay up, did APIs respond, did businesses keep running? True resilience means customers never even realize an attack happened."

The Threat Actors: Who's Behind the Attacks?

Motivations Driving Massive DDoS

1. Hacktivism and Geopolitics

The ongoing conflicts in Ukraine, Israel/Palestine, and other regions fuel DDoS campaigns:

• Pro-Russia groups like NoName057(16) targeting European infrastructure
• Pro-Palestinian coalitions attacking Israeli organizations
• State-aligned groups masking as hacktivists (Russia's Sandworm using "Cyber Army of Russia Reborn" persona)

According to ENISA's 2024-2025 Threat Landscape report, hacktivism represented 79% of all incidents, dominated by DDoS attacks (91.5%).

2. Cybercrime and Extortion

DDoS-as-a-Service makes attacks accessible:

• Stresser/booter services rent attack capacity
• Ransom DDoS: "Pay or we'll take you offline"
• Triple extortion: Data theft + encryption + DDoS threat
• Competitive attacks: Rivals taking down businesses

3. Testing and Research

Some massive attacks serve as proof-of-concept:

• Testing new botnet capabilities
• Demonstrating power to potential customers
• Research into defense capabilities
• Nation-state capability development

4. Smokescreen Operations

DDoS attacks can distract from other activities:

• Drawing attention while data exfiltration occurs
• Overwhelming SOC teams while planting backdoors
• Forcing incident responders to focus on availability instead of other threats

Notable Threat Groups

Anonymous Sudan: Indicted by U.S. authorities in 2024 after conducting over 35,000 DDoS attacks. Despite the name, investigations revealed potential connections to Russian state interests.

RapperBot Operators: Exploit security flaws in NVRs and IoT devices to build massive botnets. Methodology: "scan the Internet for old edge devices (like DVRs and routers), brute-force or exploit and make them execute the botnet malware."

AISURU Botnet: Attributed to the September 11.5 Tbps attack, this botnet infected 300,000+ devices globally through compromised firmware updates and vulnerability exploitation.

The Economic Impact: Billions in Losses

Direct Costs

Cloudflare outage (November 18, 2025): $5-15 billion per hour in economic impact during the configuration error that took down 20% of the web. While not caused by DDoS, it illustrates the value of CDN/DDoS protection infrastructure.

AWS October 2024 outage: Estimated $75 million per hour in losses across affected services.

Per-Attack Costs:

• E-commerce sites: Thousands to millions per hour depending on size
• Financial services: Regulatory penalties plus revenue loss
• Healthcare: Delayed care, regulatory issues
• Gaming: Subscriber churn, reputation damage

Indirect and Long-Term Costs

Reputation Damage: Customers lose trust in organizations that experience frequent outages, even when caused by DDoS attacks beyond the company's control.

Defensive Investments: Organizations must invest in:

• DDoS mitigation services ($thousands to $millions annually)
• Increased bandwidth capacity
• Additional infrastructure redundancy
• 24/7 security monitoring
• Incident response capabilities

Insurance Premiums: Cyber insurance costs increase as DDoS attacks become more common and severe.

What Organizations Must Do: A Strategic Response Framework

Immediate Actions (This Week)

1. Assess Current DDoS Protection

• Do you have any DDoS protection currently?
• What attack volumes can it handle?
• Is protection "always-on" or "on-demand"?
• What's your time-to-mitigation if attacked?

2. Identify Critical Services

• Which services cannot tolerate any downtime?
• What's the business impact of each service being offline?
• Which services are customer-facing vs internal?

3. Document Current Baseline

• Normal traffic patterns and volumes
• Peak traffic during busy periods
• Bandwidth capacity at each connection point
• Upstream ISP capabilities

4. Establish Vendor Relationships

• Contact Cloudflare, Akamai, or other DDoS mitigation providers
• Understand pricing models and capabilities
• Get quotes for your traffic profile

Medium-Term Investments (This Quarter)

1. Deploy Cloud-Based DDoS Protection

Modern DDoS defense requires cloud-scale infrastructure:

• On-premises appliances fail: A 10 Gbps appliance cannot stop a 100 Gbps attack
• Cloud scrubbing works: Traffic routes through provider's massive network first
• Always-on preferred: Instant protection without manual activation

Service Options:

• Cloudflare (Magic Transit, Spectrum)
• Akamai (Prolexic, App & API Protector)
• AWS Shield Advanced
• Azure DDoS Protection
• Google Cloud Armor

2. Implement Multi-Layer Defense

Don't rely on a single protection method:

• Layer 3/4 protection: For volumetric attacks
• Layer 7 protection: For application-layer attacks
• Rate limiting: Prevent overwhelming origin even with clean traffic
• Geo-blocking: Block regions you don't serve
• Bot management: Distinguish legitimate from malicious automated traffic

3. Architect for Resilience

Infrastructure decisions impact DDoS resilience:

• Use CDN for static content: Reduce origin load
• Deploy Anycast: Distribute traffic geographically
• Over-provision bandwidth: Don't run at capacity normally
• Implement caching: Reduce database/origin hits
• Use load balancers: Distribute legitimate traffic

4. Establish Monitoring and Alerting

Know when you're under attack:

• Real-time traffic analysis
• Anomaly detection for unusual patterns
• Integration with DDoS mitigation providers
• Automated alerting to security team
• Dashboard for executive visibility

Long-Term Strategic Planning

1. Develop DDoS Incident Response Plan

Document specific procedures:

• Detection: How do we know we're under attack?
• Activation: Who authorizes mitigation activation?
• Communication: Who notifies customers, executives, board?
• Escalation: When do we involve external help?
• Recovery: How do we validate service restoration?
• Post-mortem: How do we learn and improve?

2. Conduct Regular Testing

DDoS defense requires practice:

• Tabletop exercises: Quarterly scenario walk-throughs
• Synthetic attacks: Controlled tests with provider cooperation
• Failover drills: Practice switching to backup infrastructure
• Communication tests: Validate alert and notification systems

3. Build Organizational Awareness

Everyone plays a role:

• Executives: Understand business risk and approve investments
• Marketing: Manage customer communication during attacks
• Customer support: Handle influx of "site is down" reports
• Development: Build applications with resilience in mind
• Security: Monitor, detect, and coordinate response

4. Consider Cyber Insurance

Specialized DDoS coverage can offset costs:

• Business interruption during attacks
• Mitigation service costs
• Forensic investigation expenses
• Public relations and notification costs
• Legal fees from customer/partner impacts

The Future: Where Do We Go From Here?

The 100 Tbps Question

If attacks have grown from 3.8 Tbps to 22.2 Tbps in 11 months, what does 2026 hold?

Factors Enabling Further Growth:

• Continued IoT proliferation (estimates: 75 billion IoT devices by 2025)
• 5G networks providing faster connections to mobile devices
• Increased cloud adoption creating more potential compromise targets
• AI/ML tools making botnet management more efficient

Factors Limiting Growth:

• Physical bandwidth constraints at internet exchange points
• Defender capacity keeping pace with attack evolution
• Law enforcement disrupting major botnets
• Improved IoT security standards (albeit slowly)

Industry experts predict attacks could reach 50-100 Tbps within 2-3 years if current trends continue.

Defender Innovations

AI-Powered Detection:

• Machine learning identifying attack patterns faster
• Behavioral analysis distinguishing legitimate from malicious traffic
• Predictive analytics anticipating attacks before they peak

Decentralized Defense:

• Blockchain-based DDoS protection networks
• Peer-to-peer traffic scrubbing
• Distributed autonomous mitigation

Protocol Improvements:

• QUIC adoption reducing UDP flood effectiveness
• IPv6 transition enabling better source authentication
• DDoS Open Threat Signaling (DOTS) for automated mitigation coordination

Regulatory and Policy Responses

Governments are beginning to treat DDoS infrastructure as a serious threat:

IoT Security Regulations:

• UK's Product Security and Telecommunications Infrastructure Act (2022)
• EU Cyber Resilience Act requiring security by design
• California IoT Security Law (SB-327)

Botnet Disruption Operations:

• FBI's Operation PowerOFF targeting DDoS-for-hire services
• Europol's Operation Endgame dismantling botnet infrastructure
• International cooperation on cross-border cybercrime

Critical Infrastructure Protection:

• Designation of DDoS mitigation providers as critical infrastructure
• Mandatory incident reporting for large-scale attacks
• Resilience requirements for organizations in critical sectors

Lessons from the Escalation

For Organizations

1. "If" Has Become "When" Every internet-facing organization will eventually face DDoS attacks. The question is whether you'll be ready when it happens.

2. Defense Requires Scale On-premises solutions cannot stop modern attacks. Cloud-based mitigation is now essential, not optional.

3. Speed Matters When attacks last 35-40 seconds, manual intervention is impossible. Automated detection and mitigation is mandatory.

4. Cost of Protection < Cost of Failure DDoS mitigation services may seem expensive until you calculate the cost of being offline during an attack.

5. Test Before You Need It Discovering your DDoS protection doesn't work during an actual attack is too late.

For the Security Industry

1. Capacity Must Exceed Threats Defense providers must maintain infrastructure capacity ahead of attack growth curves.

2. Democratization of Defense Small organizations need access to enterprise-grade protection at reasonable costs.

3. Intelligence Sharing Matters Collaborative threat intelligence helps everyone defend better and faster.

4. Attribution Is Hard But Important Understanding who's behind attacks helps with legal action and deterrence.

For Society

1. IoT Security Can't Wait Billions of insecure devices create the infrastructure for massive attacks. Regulation and industry standards must accelerate.

2. Internet Resilience Is National Security When 20% of the web can go down from a single provider's outage (as happened with Cloudflare in November 2025), internet infrastructure becomes a national security issue.

3. Norms and Deterrence Need Development International norms about state-sponsored DDoS attacks and the use of hacktivists as proxies remain underdeveloped.

Conclusion: The Arms Race Continues

The escalation from 11.5 Tbps to 22.2 Tbps in three weeks represents more than just bigger numbers—it demonstrates that attackers and defenders are locked in an accelerating arms race. Each defensive innovation prompts attackers to develop new techniques. Each new botnet capability forces defenders to expand their infrastructure.

Key takeaways for security professionals:

The Threat Is Real and Growing:

• DDoS attacks increased 358% year-over-year in Q1 2025
• Peak attack volumes growing ~100% every few months
• 27.8 million attacks in first half of 2025 alone

Defense Is Possible But Requires Investment:

• Cloud-based mitigation services can stop even 22 Tbps attacks
• Automated detection and response is essential
• Always-on protection beats on-demand activation

No One Is Immune:

• Attacks target hosting providers (affecting many customers)
• Financial institutions face elevated risk
• Healthcare, government, media all experience DDoS campaigns

Preparedness Determines Survival:

• Organizations with DDoS protection stayed online
• Those without protection faced extended outages
• Testing and planning make the difference in crisis

The 22.2 Tbps attack won't be the last record. As long as insecure IoT devices proliferate and cloud infrastructure can be exploited, attacks will continue to grow. The question for every organization is simple: When the next record-breaking attack targets your infrastructure, will you be ready?

Related Articles

• Record-Breaking 3.8 Tbps Distributed Denial-of-Service (DDoS) Attack - Analysis of the October 2024 attack that set the previous record
• The Evolution of DDoS Attacks: From Mirai to Hyper-Volumetric Threats - Comprehensive history of DDoS attack evolution
• When the Cloud Falls: Third-Party Dependencies and the New Definition of Critical Infrastructure - Understanding infrastructure dependencies
• The Digital Battlefield: How Three Major DDoS Attacks in July 2025 Reveal Evolving Cyber Warfare Tactics - Geopolitical dimensions of DDoS campaigns
• The Cyber Proxy War: How Israel and Iran Are Fighting Through Hacktivist Coalitions - How nation-states use DDoS attacks

Additional Resources

For Immediate DDoS Protection

• Cloudflare DDoS Protection
• Akamai Prolexic
• AWS Shield

Vendor Risk Management

• CISO Marketplace VRM Services - Assess your DDoS mitigation provider's capabilities

Threat Intelligence

• Cloudflare DDoS Threat Reports (Quarterly)
• Akamai State of the Internet / Security Reports
• CISA DDoS Defense Guidance

This article is part of our ongoing coverage of critical infrastructure security and DDoS threat analysis. For incident response consulting, DDoS mitigation planning, or vCISO services, visit QSai LLC or explore our resources at CISO Marketplace.