Searching...
  1. Help Center Home
  2. Help & Support
  3. 2025 Significant Rise in Bot Traffic

2025 Significant Rise in Bot Traffic

Overview

Some CIMcloud customers have seen intermittent bot / DDoS attacks that is consistent with overall industry trends in 2025 (a significant rise in bot-driven attacks leveraging AI tactics to avoid detection by modern firewalls and associated services (including using modern AI-powered scrapers can rotate IP addresses, mimic plausible browsing patterns, and use large language models (LLMs) to understand and navigate complex websites to avoid traditional defenses).

CIMcloud has many included services to attempt to protect customer websites from these types of malicious & illegal attacks (by detecting and blocking the traffic real-time).  In some cases, additional specialized services (like those provided by Cloudflare) may be recommended for customers to maintain performance of their public-facing CIMcloud sites.

The below article provides additional details of the state of the overall industry.

If you are interested in using a service like Cloudflare, this article provides more details on how services like Cloudflare can be set up and run with your CIMcloud site(s).

2025 Findings (as of mid-Q3 2025)

Recent reports from Cloudflare indicate a significant and growing threat from bot-driven Distributed Denial of Service (DDoS) attacks, which have reached record-breaking scale and frequency in 2025. Threat actors are increasingly using sophisticated, AI-powered bots to bypass security measures and launch attacks for financial, political, and competitive motives.

Escalation of DDoS attacks

Cloudflare’s data for 2025 shows a dramatic increase in the intensity and volume of DDoS attacks.

  • Record-breaking size: Cloudflare has autonomously blocked the largest DDoS attacks ever recorded in 2025, including one in April reaching 6.5 Tbps, one mid-May peaking at 7.3 Tbps and one in September peaking at 22.2 Tbps.
  • Hyper-volumetric attacks: These massive attacks, exceeding 1 Tbps or 1 Bpps, have become a regular occurrence. In Q2 2025, Cloudflare blocked over 6,500 such attacks—an average of 71 per day.
  • Spike in attack volume: The total number of DDoS attacks blocked in the first half of 2025 (27.8 million) is already 130% of the total for all of 2024, representing an unprecedented acceleration in attacks.

Rise of AI-powered bots

Advancements in AI are creating more advanced and evasive botnets, posing new challenges for defenders.

  • Evading detection: Modern AI-powered scrapers can rotate IP addresses, mimic plausible browsing patterns, and use large language models (LLMs) to understand and navigate complex websites to avoid traditional defenses.
    Scaling speed and scope: AI allows attackers to launch bot attacks with greater scale and speed than ever before, overwhelming existing defenses.
  • Bot-driven authentication requests: In March 2025, Cloudflare reported that over 94% of authentication requests were automated by bots. While some are legitimate, the volume of malicious bot traffic far exceeds benign automated login attempts.

Evolving threat landscape

Attackers are using new tactics and targeting a wider range of industries.

  • Ransom DDoS: Reports of ransom DDoS attacks soared in June 2025, with one-third of targeted organizations receiving threats or ransom demands.
  • Targeting critical infrastructure: Hosting providers, telecommunications companies, and other critical internet infrastructure have increasingly become targets for sophisticated DDoS attacks.
  • New attack vectors: In Q2 2025, attacks exploiting lesser-known and legacy protocols, such as Teeworlds floods, saw dramatic increases as attackers experimented with ways to evade standard security measures.
  • Competition as a motive: A survey of Cloudflare customers in Q2 2025 found that 63% of those who identified their attacker pointed to business competitors as the culprits, particularly in the gaming, gambling, and crypto industries.
  • Geopolitical factors: Geopolitical tensions continue to drive attacks, with surges observed against specific nations and industries.

Cloudflare’s response (FYI)

In response to these escalating threats, Cloudflare is developing more adaptive security measures. This includes:
Autonomous defenses: Cloudflare’s autonomous systems can detect and mitigate massive DDoS attacks in seconds, often without human intervention.

  • Per-customer defenses: The company is building more granular, per-customer security protections to counteract sophisticated AI bots that blend in with legitimate traffic.
  • Botnet threat intelligence: Cloudflare offers a free DDoS Botnet Threat Feed to help network providers identify and take down abusive accounts originating from their infrastructure.
  • AI for defense: Cloudflare is also using AI to build defenses that can adapt to adversarial AI threats and distinguish malicious bots from legitimate users.

CIMcloud’s response

CIMcloud is continuing to iterate it’s many included services aimed at protecting customer websites from these types of malicious & illegal attacks (by detecting and blocking the traffic real-time).  In some cases, additional specialized services (like those provided by Cloudflare) may be recommended for customers to maintain performance of their public-facing CIMcloud sites.

If you are interested in using a service like Cloudflare, this article provides more details on how services like Cloudflare can be set up and run with your CIMcloud site(s).

Was this article helpful

Yes No

Related Articles

Subscribe to receive email updates of what's new in the CIMcloud Help Center.