Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider.
DDoS attacks flood targets with massive amounts of traffic with the sole purpose of overwhelming servers and causing service slowdowns, disruptions, or outages.
This new attack, which is 12% larger than the previous record, delivered a massive data volume of 37.4 TB in just 45 seconds. That is the equivalent of about 7,500 hours of HD streaming or 12,500,000 JPEG photos.
The record-breaking DDoS attack
Source: Cloudflare
Cloudflare, a web infrastructure and cybersecurity giant specializing in DDoS mitigation, offers a network-layer protection service called ‘Magic Transit,’ which was used by the targeted customer.
The attack came from 122,145 source IP addresses spread across 161 countries, with the majority based in Brazil, Vietnam, Taiwan, China, Indonesia, and Ukraine.
The “garbage” data packets were delivered across multiple destination ports on the victim’s system, averaging 21,925 ports per second and peaking at 34,517 ports/second.
This tactic of scattering traffic helps overwhelm firewalls or intrusion detection systems, but Cloudflare claims to have ultimately been able to mitigate the attack without human intervention.
Source IP addresses
Source: Cloudflare
Cloudflare’s anycast network dispersed attack traffic to 477 data centers in 293 locations, leveraging key technologies such as real-time fingerprinting and intra-data center gossiping for real-time intelligence sharing and automated rule compilation.
Though nearly all the attack volume came from UDP floods, accounting for 99.996% of the total traffic, there were several other vectors involved, including:
QOTD reflection
Echo reflection
NTP amplification
Mirai botnet UDP flood
Portmap flood
RIPv1 amplification
Each vector exploited legacy or poorly configured services. While this was only a tiny percentage of the attack, it served as part of the attackers’ evasion and effectiveness strategy and could also help probe for weaknesses and misconfigurations.
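An added example, not from Cloudflare or the original article: a defender-side triage of flow records that labels UDP traffic by the well-known source ports of the reflection services listed above and counts distinct destination ports hit per second, the port-scattering signal described earlier. The flow-record format, the sample records, and the threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Well-known UDP ports of the legacy services named in the article.
# Reflected replies arrive with these as their *source* port.
REFLECTION_PORTS = {7: "Echo", 17: "QOTD", 111: "Portmap", 123: "NTP", 520: "RIPv1"}

# Constructed sample (documentation IP ranges), one flow per line:
# epoch_second src_ip src_port dst_ip dst_port proto bytes
SAMPLE_FLOWS = """\
1700000000 198.51.100.10 123 203.0.113.5 40001 udp 468
1700000000 198.51.100.11 17 203.0.113.5 40002 udp 512
1700000000 198.51.100.12 7 203.0.113.5 40003 udp 64
1700000000 192.0.2.77 51413 203.0.113.5 40004 udp 1400
1700000000 192.0.2.78 51999 203.0.113.5 40005 udp 1400
1700000001 198.51.100.13 520 203.0.113.5 40001 udp 504
1700000001 198.51.100.14 111 203.0.113.5 40001 udp 68
1700000001 192.0.2.90 443 203.0.113.5 55000 tcp 60
"""

def parse_flows(text):
    """Yield (ts, src, sport, dst, dport, proto, size) from the assumed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, proto, size = line.split()
        yield int(ts), src, int(sport), dst, int(dport), proto.lower(), int(size)

def summarize(text, port_spread_threshold=4):
    """Return (bytes per vector, distinct dst ports per (dst, second), flagged keys).

    port_spread_threshold is deliberately tiny to fit the sample; tune it
    against a baseline of normal traffic for the protected address.
    """
    vectors = Counter()
    ports_per_sec = defaultdict(set)
    for ts, _src, sport, dst, dport, proto, size in parse_flows(text):
        if proto != "udp":
            continue  # the vectors listed in the article are all UDP-based
        vectors[REFLECTION_PORTS.get(sport, "other UDP")] += size
        ports_per_sec[(dst, ts)].add(dport)
    spread = {key: len(ports) for key, ports in ports_per_sec.items()}
    flagged = sorted(key for key, n in spread.items() if n >= port_spread_threshold)
    return vectors, spread, flagged

if __name__ == "__main__":
    vectors, spread, flagged = summarize(SAMPLE_FLOWS)
    print(dict(vectors), spread, flagged)
```

A source port match only suggests a reflection vector; legitimate NTP or RPC replies use the same ports, so volume and port spread should be read together.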
Cloudflare says valuable IoCs from this attack were promptly included in its DDoS Botnet Threat Feed, a free service that helps organizations block malicious IP addresses preemptively.
Over 600 organizations have subscribed to this feed, and the internet giant calls on any others at risk of massive DDoS attacks to do the same and block the attacks before they reach their infrastructure.