Massive 1.33 Million-Device DDoS Botnet Discovered: A New Era of Cyber Threats

Overview

Cybersecurity experts from Curator (formerly Qrator Labs) have published a new report detailing the cybersecurity landscape for the first quarter of 2025.
The findings are stark: DDoS attacks (Distributed Denial of Service) have surged by 110% compared to the first quarter of 2024.
One revelation stands out: the discovery of a botnet involving an unprecedented 1.33 million compromised devices.

Explosive Growth in Attack Volume

The trend is clear.
Following a 50% increase in DDoS incidents throughout 2024, attacks have continued to rise sharply into 2025.
Notably, Curator’s analysis excludes attacks under 1 Gbps intensity, focusing only on significant and impactful incidents.

Top Targeted Industries

Certain sectors are absorbing the brunt of this offensive:

• IT and Telecom — 26.8% of attacks
  
  
• Fintech — 22.3% of attacks
  
  
• E-commerce — 21.5% of attacks
  
  

Together, these three industries account for a striking 70% of all Layer 3–Layer 4 (L3-L4) DDoS attacks.
The message is clear: digital infrastructure and financial services are in the crosshairs.

Changing Patterns in Attack Intensity

Although the maximum intensity of attacks has decreased compared to record highs in 2024, the average intensity has risen:

• Peak Bandwidth: 232 Gbps (down from 1,140 Gbps in 2024)
  
  
• Peak Packet Rate: 65 million packets per second (Mpps) (down from 179 Mpps)
  
  

Experts warn that the median values for attack bandwidth and packet rate are higher than in 2024, signaling more powerful "average" attacks, even if extreme outliers are rarer.

DDoS Attack Durations: Faster and Shorter

Attack durations are also evolving:

The longest single attack lasted 9.6 hours — a UDP flood targeting a company in the Oil & Gas sector.
However, the overall trend is toward shorter, more intense bursts, rather than prolonged sieges.

A Botnet of Unprecedented Scale

The standout finding: a newly discovered botnet composed of 1.33 million devices.
To grasp its scale:

• Nearly 6× larger than the biggest botnet of 2024 (227,000 devices)
  
  
• About 10× larger than the largest botnet seen in 2023 (136,000 devices)
  
  

This botnet was deployed against an organization in the Online Bookmakers sector, in an attack lasting around 2.5 hours.

Global Origins: Where the Botnet Devices Are Located

The geographical distribution of infected devices highlights a critical vulnerability:

• Brazil: 51.1%
  
  
• Argentina: 6.1%
  
  
• Russia: 4.6%
  
  
• Iraq: 3.2%
  
  
• Mexico: 2.4%
  
  

The vast majority originate from developing countries, where compromised infrastructure is becoming an increasingly serious problem.

Why Developing Nations Are the Epicenter

Several factors contribute to this trend:

• Outdated Hardware: Many devices are no longer supported with security updates, making them easy targets.
  
  
• Improved Connectivity: High-speed internet has spread, giving attackers access to powerful, fast resources.
  
  

This creates a "perfect storm": large numbers of insecure, high-bandwidth devices ready to be recruited into botnets.

What This Means for Cybersecurity

The findings from Q1 2025 mark a new phase in cybersecurity threats:

• Botnets are getting larger.
  
  
• Attack techniques are becoming more efficient.
  
  
• Vulnerable infrastructure in developing regions is being weaponized at scale.
  
  

Organizations — especially those in IT, fintech, and e-commerce — must act swiftly:

• Deploy advanced DDoS mitigation systems
  
  
• Conduct regular network audits
  
  
• Update and patch all devices
  
  
• Monitor global threat intelligence feeds
  
  

The time for passive defense is over. In today’s climate, proactive security is a necessity, not a choice.

Conclusion

The first quarter of 2025 has shown that while DDoS attacks may not always break past peak records, their overall power, frequency, and embeddedness have significantly increased.
The discovery of a botnet containing 1.33 million devices is a wake-up call for businesses, governments, and cybersecurity professionals alike.

As DDoS threats evolve, agility, preparedness, and resilience will be the keys to defense.
Cybersecurity is no longer about stopping attacks — it's about surviving and adapting in an environment where attacks are constant, global, and ever more sophisticated.