If you're reading this article, I can be pretty sure your organization relies on the internet. It may be for serving customers, delivering apps, running cloud services, or simply maintaining your day-to-day operations.
The fact is if your connection to the internet is disrupted, it is likely that there will be an impact on your business to a lesser or greater extent.
And that's why a new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen.
In Cloudflare's Q3 2025 DDoS Threat Report, it is revealed that recent months have seen a dramatic escalation in DDoS attacks, culminating in a record-breaking 29.7 terabit-per-second attack linked to a massive botnet called Aisuru.
And according to Cloudflare's experts, the massive attack is not an oddity — it's a sign of where things are going.
At nearly 30 terabits per second, the "carpet-bombing" Aisuru attack bombarded an average of 15,000 destination ports per second, while randomizing packet attributes to evade defenses.
Launched from an estimated 1-4 million compromised devices worldwide, such as hacked routers, cameras, and other internet-connected systems, Aisuru would have had no problems overwhelming systems within company premises, disrupting their operations, and preventing them from performing their business functions.
And parts of the Aisuru botnet are available for hire — meaning anybody could launch devastating attacks for just a few hundred dollars.
According to Cloudflare, it mitigated more than 8.3 million DDoS attacks in just three months — a 48% increase compared to the previous year. Hyper-volumetric attacks (DDoS attacks at such a scale that traditional mitigation approaches simply cannot keep up) jumped 54% quarter-over-quarter.
One sector finding itself the target in this surge of DDoS attacks is artificial intelligence. AI firms experienced a 347% month-over-month surge in targeted attacks in September, according to Cloudflare's research.
There is a risk that many people may assume that it is only high-profile organizations that are targeted by DDoS attacks. The truth is that attackers will often not care who you are. Your business may be targeted because you're part of another firm's supply chain, or because your infrastructure is located near the actual target, or if your services can be disrupted at a low cost.
The availability of botnets-for-hire means that small businesses can now be knocked offline by DDoS traffic that once might have required the capabilities of a nation state.
And let's not forget that a DDoS attack doesn't have to last long to be costly. Even a few minutes of downtime can damage your reputation, cause a loss in revenue, and may require you to make efforts to recover properly, which can take days.
Sadly, we live in a world where companies are probably wise to assume that being targeted by a DDoS attack is inevitable. What matters is how well you manage to mitigate against it. Taking the time now to assess whether your current defenses can handle a significant volume of attacks and incorporating DDoS scenarios into incident response planning has become more critical than ever.
Protecting your organization from attack is not optional. It is fundamental to staying online, staying trusted, and remaining competitive.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.
Cybersecurity for Your Industry
Your industry is unique. Your cybersecurity stack should be, too. Fortra® offers cybersecurity solutions to meet the challenges and compliance requirements of industries around the world.
