Insights from Cloudflare’s 2025 Internet Review on Attacks, Outages, and Traffic Trends

The internet landscape in 2025 was marked by a dynamic and evolving tapestry of traffic patterns, security challenges, and technological advancements, as highlighted in Cloudflare’s annual Radar Year in Review. This comprehensive report, which aggregates internet measurements from Cloudflare’s extensive global network, offers a fascinating glimpse into how the digital world adapted and evolved throughout the year.

Traffic Trends and Adaptations

In 2025, global internet traffic saw another year of growth, continuing a trend that has persisted over the past decade. However, this growth was not uniform. Peaks in traffic were often correlated with significant news events, major software releases, or outages at popular online platforms. Such fluctuations indicate an internet ecosystem heavily influenced by real-world happenings, highlighting users’ adaptive behaviors as they surged online in response to unfolding events.

Mobile traffic, in particular, took center stage, representing over half of global web usage for much of the year. With the increasing reliance on smartphones and tablets, the activity on mobile devices soared during regional holidays and major events, contrasting with a more stable yet stagnant desktop usage. This shift underscores a growing trend where convenience and accessibility dictate how users engage online.

The Dominance of Encrypted Traffic

A significant point of interest in the 2025 report is the overwhelming prevalence of encrypted traffic. By year’s end, HTTPS requests accounted for over 95% of observed web traffic, a clear testament to the increasing emphasis on security and privacy in online interactions. The decline of plain HTTP traffic further reflects a collective movement toward securing data transmission, rendering unencrypted web activity virtually obsolete.

Rise in DDoS Attacks

One of the more alarming developments reported was the escalation in Distributed Denial-of-Service (DDoS) attacks. Cloudflare documented record-breaking attack volumes throughout the year, with some incidents surpassing earlier benchmarks of terabits per second. Not just larger, these attacks also became more frequent—quick, concentrated bursts aimed at breaching defenses. These short attacks suggested a strategic shift by adversaries, opting for speed to test and bypass automated mitigation frameworks.

The report categorized network layer attacks as the most common but also noted a troubling uptick in application layer attacks, particularly against APIs and dynamic content. These findings serve as a reminder that while attackers continue to use established methods, they adapt and evolve, launching assaults that test the limits of current cybersecurity measures.

Automated Traffic: The Bot Paradox

Automated traffic has become a significant component of the internet’s overall activity, a trend reflected in Cloudflare’s analysis. A considerable share of requests were classified as bot-driven, which includes both benign bots—like search engine crawlers—and malicious ones engaged in scraping and credential stuffing.

Interestingly, the delineation between good and bad bots is becoming increasingly difficult as some automated users employ advanced techniques to mimic legitimate traffic. This blurred line complicates classification efforts and raises questions about how to manage these automated interactions effectively, putting more pressure on security teams to adapt their strategies.

Outages and Their Implications

Major internet outages in 2025 starkly revealed the interdependencies that characterize today’s digital architecture. Cloudflare tracked multiple disruptions caused by routing issues, DNS failures, and software bugs that significantly impacted service accessibility. BGP-related incidents remained particularly troublesome, highlighting the fragility of the protocols that underpin the global internet.

These outages not only created immediate access challenges but also showed how quickly user behavior can shift in the face of service disruptions. Cloudflare noted that during outages at widely-used SaaS platforms, traffic would plummet momentarily only to rebound sharply once services were restored. This responsiveness illustrates the intricate relationship between user habits and service availability.

Country-Level Disruptions Persist

Throughout the year, political events such as elections and protests continued to trigger internet shutdowns in various countries. Cloudflare observed dramatic traffic drops, sometimes exceeding 50%, in response to government actions. Interestingly, these disruptions were not always complete blackouts; throttling and selective blocking became more prevalent, showcasing a nuanced approach to internet control.

Such national-level disruptions have effects that extend beyond borders, particularly when countries host crucial internet services or contain major transit infrastructure. The report demonstrated that as routes change or services become inaccessible, neighboring regions quickly adapt, underscoring the interconnected nature of today’s digital ecosystem.

Real-Time Security Incidents

2025 also brought forth a paradigm shift in how security incidents were tracked and managed. Cloudflare’s findings indicated that malicious traffic spikes occurred almost instantaneously following vulnerability disclosures or exploit releases. This real-time responsiveness indicated that attackers are closely monitoring the same intelligence as defenders, leading to heightened competition in cybersecurity.

Remarkably, mitigation responses became more automated and robust, frequently stabilizing traffic even during the largest attacks. This evolution at the network edge underscores a growing reliance on advanced technologies to defend against the sophisticated threats proliferating within the ever-busy and brittle internet landscape of 2025.