Cloudflare Thwarts Largest-ever DDoS Attack Peaking At 3.8Tbps

Content distribution network Cloudflare announced on Wednesday that it had recently successfully “auto-mitigated” a record-breaking Distributed Denial of Service (DDoS) attack that peaked at 3.8 terabits per second.

For those unaware, a DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers, to make an online service, network resource, or host machine unavailable.

A DDoS attack uses more than one unique IP address or machine, often from thousands of hosts infected with malware.

According to Cloudflare, the month-long campaign that began in early September 2024 targeted the network’s infrastructure (network and transport layers L3/4), with one attack peaking at an astounding 3.8 Tbps and lasting 65 seconds.

Cloudflare pointed out that it had automatically detected and mitigated all the DDoS attacks.

“Cloudflare’s defenses mitigated over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (Tbps). The largest attack peaked 3.8 Tbps — the largest ever disclosed publicly by any organization. Detection and mitigation was fully autonomous,” read the blog post published by Cloudflare on Wednesday.

This attack campaign – the largest cyberattack in Internet history – targeted multiple customers across various industries, including financial services, the Internet, and telecommunications.

However, the company did not disclose the names of the customers targeted in the DDoS attack. The campaign aimed at bandwidth saturation and resource exhaustion of in-line applications and devices.

The threat actor behind the campaign predominantly used the User Datagram Protocol (UDP), which is designed to transfer data quickly, on a fixed port.

The campaign originated from across the globe, with larger portions coming from Vietnam, Russia, Brazil, Spain, and the U.S.

Also, the attacker appeared to use multiple types of compromised devices, which included MikroTik devices, Digital Video Recorders (DVRs), and Web Servers, to flood the target with exceptionally large volumes of traffic.

Further, high bitrate attacks are linked to compromised ASUS routers.

Cloudflare customers using its HTTP reverse proxy services (e.g., Cloudflare WAF and Cloudflare CDN), as well as customers using Spectrum and Magic Transit, are automatically protected.

The previous record for the largest volumetric DDoS attack was held by Microsoft, which defended against an attack that peaked at 3.47 Tbps and a packet rate of 340 million packets per second in late 2021.

The largest attack previously seen by Cloudflare peaked at 2.6 Tbps.

“The scale and frequency of these attacks are unprecedented. Due to their sheer size and bits/packets per second rates, these attacks have the ability to take down unprotected Internet properties, as well as Internet properties that are protected by on-premise equipment or by cloud providers that just don’t have sufficient network capacity or global coverage to be able to handle these volumes alongside legitimate traffic without impacting performance,” concluded Cloudflare.

“Cloudflare, however, does have the network capacity, global coverage, and intelligent systems needed to absorb and automatically mitigate these monstrous attacks.”

Kavita Iyer