Cloudflare Thwarts Record 7.3 Tbps DDoS Assault But Bigger Attacks Are Looming
Cloudflare says it has neutralised the largest distributed-denial-of-service (DDoS) attack ever recorded, a 7.3 terabit-per-second (Tbps) tsunami that briefly hurled 37.4 terabytes of data at an unnamed hosting provider in just 45 seconds.
The barrage, almost entirely a User Datagram Protocol (UDP) flood, was routed through Cloudflare’s Magic Transit service and eclipsed the previous DDoS record by 12 percent. At its peak, the attack hammered an average of 21,925 destination ports every second, maxing out at more than 34,000 ports on a single IP address.
A global swarm
Cloudflare traced the traffic to 122,145 source IPs spanning 161 countries, with the largest volumes emanating from Brazil, Vietnam, Taiwan, China, Indonesia and Ukraine. UDP’s speed—ideal for gaming and real-time streaming—also makes it a favourite for “hyper-volumetric” attacks exceeding 1 Tbps.
Although 99.996 percent of the traffic was UDP, the sliver that wasn’t—just 1.3 GB per second of QOTD, NTP and other reflection vectors—would have been enough to cripple most unprotected sites.
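The traffic signature described above (an almost pure UDP share, many source IPs, and a very large number of destination ports hit per second on a single IP address) is something a defender can check for in flow data. The sketch below is an added example, not Cloudflare's detection logic; the flow-record layout, the thresholds and the sample flows are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: (unix_second, src_ip, dst_ip, proto, dst_port, bytes).
# All addresses come from the RFC 5737 documentation ranges.
def make_sample():
    flows = []
    # Ordinary second: a few clients using one HTTPS service, plus one DNS query.
    for i in range(20):
        flows.append((100, f"198.51.100.{i}", "192.0.2.10", "tcp", 443, 1200))
    flows.append((100, "198.51.100.50", "192.0.2.10", "udp", 53, 80))
    # Flood-like second: many sources spraying UDP across many ports of one IP.
    for i in range(3000):
        flows.append((101, f"203.0.113.{i % 250}", "192.0.2.20", "udp", 1024 + i, 1400))
    return flows

def port_spread_alerts(flows, min_ports=1000, min_sources=100, min_udp_share=0.99):
    """Flag (second, dst_ip) buckets that look like a UDP flood spread over many ports.

    The thresholds are illustrative assumptions; tune them to the baseline of the
    network being monitored.
    """
    buckets = defaultdict(lambda: {"ports": set(), "srcs": set(), "udp": 0, "total": 0})
    for ts, src, dst, proto, dport, nbytes in flows:
        b = buckets[(ts, dst)]
        b["total"] += nbytes
        if proto == "udp":
            b["udp"] += nbytes
            b["ports"].add(dport)   # distinct UDP destination ports this second
            b["srcs"].add(src)      # distinct UDP sources this second
    alerts = []
    for (ts, dst), b in sorted(buckets.items()):
        udp_share = b["udp"] / b["total"] if b["total"] else 0.0
        if (len(b["ports"]) >= min_ports and len(b["srcs"]) >= min_sources
                and udp_share >= min_udp_share):
            alerts.append({"second": ts, "dst": dst, "udp_ports": len(b["ports"]),
                           "sources": len(b["srcs"]), "udp_share": round(udp_share, 5),
                           "mbps": b["total"] * 8 / 1e6})
    return alerts

if __name__ == "__main__":
    for alert in port_spread_alerts(make_sample()):
        print(alert)
```

Requiring all three conditions together keeps a busy but legitimate UDP service, which uses few ports, from being flagged on volume alone.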
DDoS surge in 2025
Cloudflare mitigated 20.5 million DDoS events in the first quarter alone, a 358 percent year-over-year jump that nearly matches the firm’s tally for all of 2024. The company now blocks roughly eight hyper-volumetric attacks every day, most of them network-layer floods.
Earlier this year, it fended off a 6.5 Tbps blitz thought to originate from the Eleven11bot botnet, which marshals tens of thousands of hijacked webcams and DVRs. Outside Cloudflare’s walls, security firm Radware reports a 550 percent jump in web DDoS incidents globally and warns geopolitical flashpoints are fuelling hacktivist campaigns that can spike hundreds of percent overnight.
How organisations can harden their defences
Security analysts stress that even small businesses are now targets. Key mitigation steps include:
Strategy | Why it matters |
---|---|
Partner with a DDoS-mitigation provider (e.g., Cloudflare, Akamai, Imperva, Radware) | These services absorb or filter traffic at scale most firms can’t match in-house. |
Filter hostile networks and regions | Blocking traffic from known abusive Autonomous System Numbers or high-risk geographies can cut noise—though savvy actors can still spoof IPs or use global botnets. |
Segment and distribute infrastructure | Spreading workloads across multiple data centres and cloud regions removes single points of failure. |
Harden routers and firewalls | Drop junk packets, disable unused protocols such as Telnet and FTP, and ensure edge appliances can withstand high traffic volumes without degrading. |
Coordinate with upstream ISPs | Ask providers to filter unwanted traffic—especially UDP—before it reaches your perimeter. |
Deploy Web Application Firewalls (WAFs) | Essential for blocking Layer-7 attacks that target specific web applications. |
Use redundant DNS and DNSSEC | Multiple DNS providers and cryptographic signing help keep sites reachable if one service is hit. |
Layer your defences | Combine multiple, overlapping controls so the failure of one doesn’t expose the network. |
Red-team testing | Run simulated attacks with tools such as hping3 or GoldenEye to spot weaknesses before criminals do. |
The road ahead
With botnets growing in size and the cost of attack tools plummeting, experts expect the next record to fall soon. “Hyper-volumetric floods are no longer rare events—they’re a daily reality,” one analyst noted. For organisations of every size, a robust, multi-layered DDoS posture is shifting from best practice to critical necessity.