Web infrastructure firm Cloudflare stated it not too long ago blocked the biggest recorded volumetric distributed denial-of-service (DDoS) assault, which peaked at 11.5 terabits per second (Tbps).
In volumetric DDoS assaults, attackers overwhelm the goal with huge quantities of knowledge, consuming the bandwidth or exhausting system assets, leaving authentic customers with no entry to the focused servers and providers.
“Cloudflare’s defenses have been working time beyond regulation. Over the previous few weeks, we have autonomously blocked a whole lot of hyper-volumetric DDoS assaults, with the biggest reaching peaks of 5.1 Bpps and 11.5 Tbps,” the corporate stated in a Tuesday tweet.
“The 11.5 Tbps assault was a UDP flood that primarily got here from Google Cloud,” it said, whereas displaying in an connected picture that the assault solely lasted roughly 35 seconds.
This comes two months after Cloudflare introduced one other record-breaking 7.3 Tbps DDoS assault concentrating on an unnamed internet hosting supplier in June. The earlier report was of three.8 Tbps and two billion packets per second (pps) in an assault that Cloudflare additionally blocked in October 2024.
Microsoft additionally mitigated a 3.47 Tbps volumetric DDoS assault in January 2022, when the attackers focused an Azure buyer from Asia. One other huge DDoS assault took down and disrupted a number of Microsoft 365 and Azure providers worldwide in July 2024.
​In April, Cloudflare additionally revealed in its 2025 Q1 DDoS Report that it mitigated a report variety of DDoS assaults in 2024, with a 198% quarter-over-quarter enhance and an enormous 358% year-over-year leap.
As the corporate said, it mitigated a complete of 21.3 million DDoS assaults that focused Cloudflare’s prospects final 12 months, in addition to its personal infrastructure in 6.6 million assaults over an 18-day multi-vector marketing campaign.
“Of the 20.5 million DDoS assaults, 16.8M had been network-layer DDoS assaults, and of these 6.6M focused Cloudflare’s community infrastructure straight,” Cloudflare stated on the time.
“These assaults had been a part of an 18 day multi-vector DDoS marketing campaign comprising SYN flood assaults, Mirai-generated DDoS assaults, SSDP amplification assaults to call a number of.”
Essentially the most important spike was seen by network-layer assaults, which additionally noticed the sharpest progress for the reason that begin of 2025, reaching a 509% YoY enhance.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration traits.
