Cloudflare detected (and blocked) the biggest DDoS attack on record
Web infrastructure and security company Cloudflare says it detected the biggest Distributed Denial-of-Service (DDoS) attack ever recorded, a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia. Despite the staggering volume of the attack, Cloudflare successfully managed and mitigated it without human intervention.
The company said in research released Tuesday that the attack, which was launched with a variant of the Mirai botnet, originated from over 13,000 Internet of Things (IoT) devices. The attack aimed to overwhelm the ISP’s servers with UDP (User Datagram Protocol) traffic, potentially forcing them offline. However, Cloudflare’s automated defense systems stopped the attack from ever causing a problem for the ISP’s operations.
“It required no human intervention, didn’t trigger any alerts, and didn’t cause any performance degradation,” Cloudflare wrote in a blog. “The systems worked as intended.”
While the attack was quite large, the company said it wasn’t an isolated incident. The company says there was a 53% increase in DDoS threats in 2024 compared to the previous year, with Cloudflare’s tech blocking approximately 21.3 million DDoS attacks over 12 months.
Notably, Cloudflare’s findings revealed a dramatic 1,885% surge in attacks exceeding 1 Tbps between the third and fourth quarters of 2024. This heightened activity underscores an escalating trend of “hyper-volumetric” DDoS attacks, which allow for hundreds of millions of packets per second to be directed at a target.
The large-scale attacks have grown as botnets have grown, particularly those leveraging variants of the Mirai malware. Since its 2016 inception, it’s been tough to determine how many variants have been created. In the past few years, research has shown there has been anywhere from seven to over 200 different variants. Fittingly, cybersecurity firm Qualys released new research Tuesday that found another Mirai variant targeting AVTECH Cameras and Huawei HG532 routers.
While the magnitude of DDoS attacks has reached new heights, their duration has notably decreased. Cloudflare said approximately 72% of HTTP-based and 91% of network layer DDoS attacks ended in less than 10 minutes, posing significant challenges for traditional mitigation strategies, which often require human analysis and intervention.
These brief-yet-intense assaults commonly coincide with peak internet usage periods — holidays and large-scale events — maximizing potential disruption. Cloudflare says the sharp rise in ransom-driven DDoS attacks, peaking in the last quarter of 2024, further adds to the complexity and persistent threat landscape.
“Too many organizations only implement DDoS protection after suffering an attack,” the company remarked in its blog. “Our observations show that organizations with proactive security strategies are more resilient.”
You can read the full research report on Cloudflare’s website.
