Cloudflare recently successfully neutralized the largest distributed denial-of-service (DDoS) attack on record, which peaked at an astounding 7.3 terabits per second (Tbps). This massive cyber onslaught, which occurred in mid-May, exceeded Cloudflare’s previous highest attack rate by 12 percent and surpassed another significant attack by a full terabyte per second. Notably, just weeks prior, the company had released its DDoS threat report for the first quarter of 2025, indicating that attacks had already reached 6.5 Tbps. The targeted entity was a hosting provider utilizing Cloudflare’s Magic Transit service for IP network protection.
This incident reflects a growing trend of DDoS campaigns increasingly targeting hosting providers and essential internet infrastructure. To illustrate the scale of the attack, the 7.3 Tbps assault delivered 37.4 terabytes of data within just 45 seconds. Although 37.4 terabytes may not seem overwhelming at first glance, the rapid delivery equates to flooding a network with data equivalent to over 9,350 full-length high-definition movies. The attack was not merely a flood of traffic; it represented a sophisticated, multi-vector assault, primarily characterized by a UDP flood that comprised nearly all the malicious traffic.
Additionally, it included reflection and amplification techniques such as QOTD, Echo, and NTP reflection attacks, along with contributions from the infamous Mirai botnet. The nature of the assault exploited outdated internet protocols like Echo and QOTD. Attackers manipulated these protocols by spoofing the victim’s IP address, causing devices to amplify the assault. Cloudflare identified that the malicious traffic originated from over 122,145 unique IP addresses across 5,400 autonomous systems in 161 countries.
Remarkably, almost half of the attack traffic came from Brazil and Vietnam, with notable contributions from other nations such as Taiwan, China, and the United States. Utilizing a global anycast network, Cloudflare dispersed the malicious traffic across its 477 data centers, effectively leveraging the distributed nature of the attack against itself. The company’s autonomous threat analysis system, ‘dosd’, continuously examines incoming packets and, upon identifying threats, rapidly deploys mitigation measures tailored to neutralize the attack while preserving access for legitimate users. The success of Cloudflare’s defense against this record DDoS attack underscores the vital role that automated and distributed security architectures play in addressing the heightened landscape of cyber threats.