Cloudflare Blocks Record 7.3 Tbps DDoS Attack

New world record shattered as autonomous defense systems stop massive multi-vector assault targeting hosting provider without human intervention

Cloudflare has successfully mitigated the largest distributed denial-of-service (DDoS) attack in recorded history, blocking a staggering 7.3 terabits per second (Tbps) assault that bombarded a hosting provider with 37.4 terabytes of malicious traffic in just 45 seconds. 

The attack, detected in mid-May 2025, represents a 12% increase over the previous record and surpasses the recent 6.3 Tbps attack against cybersecurity journalist Brian Krebs' KrebsOnSecurity website.

To put this astronomical scale into perspective, the 45-second barrage was equivalent to streaming over 9,350 full-length HD movies or downloading 9.35 million songs simultaneously—enough entertainment content to last an individual 57 years of continuous consumption.

Massive Global Botnet Coordination

The attack originated from a sprawling network of over 122,145 compromised devices across 5,433 autonomous systems (ASes) spanning 161 countries. Nearly half of the malicious traffic emanated from Brazil and Vietnam, each contributing approximately 25% of the assault. Another third originated from Taiwan, China, Indonesia, Ukraine, Ecuador, Thailand, the United States, and Saudi Arabia.

The attack demonstrated sophisticated coordination, carpet-bombing an average of 21,925 destination ports on a single IP address, with peaks reaching 34,517 ports per second. 

While UDP floods comprised 99.996% of the traffic volume, attackers also deployed multiple reflection and amplification techniques, including QOTD (Quote of the Day), Echo protocol, NTP (Network Time Protocol), Mirai botnet variants, Portmap, and RIPv1 routing protocol exploits.

New world record: 7.3 Tbps DDoS attack | Image: Cloudflare

Telefonica Brazil's network (AS27699) served as the largest single source, accounting for 10.5% of attack traffic, followed closely by Vietnam's Viettel Group (AS7552) at 9.8%. This geographic distribution suggests the exploitation of vulnerable Internet of Things (IoT) devices and poorly secured infrastructure across emerging markets.

Autonomous Defense System Proves Its Worth

Perhaps most remarkably, Cloudflare's distributed defense infrastructure blocked the entire assault autonomously, without triggering alerts, requiring human intervention, or causing service disruptions. The company's global anycast network spread the attack across 477 data centers in 293 locations worldwide, using the distributed nature of DDoS attacks against itself.

"Our systems successfully blocked this record-breaking 7.3 Tbps DDoS attack fully autonomously without requiring any human intervention, without triggering any alerts, and without causing any incidents," Cloudflare stated in their technical report.

The defense relied on advanced packet sampling using eXpress Data Path (XDP) and extended Berkeley Packet Filter (eBPF) programs that analyze traffic patterns in real-time. 

The company's proprietary "dosd" (denial of service daemon) engine generates multiple fingerprint permutations to surgically identify attack traffic while preserving legitimate connections.

Escalating Threat Landscape

This attack represents a concerning escalation in the DDoS threat landscape. Previous records include Cloudflare's 5.6 Tbps attack from late 2024 and Microsoft's 3.45 Tbps attack against an Azure customer in 2021. The recent surge demonstrates how attackers are leveraging increasingly massive botnets of compromised IoT devices to generate unprecedented traffic volumes.

The attack targeted a hosting provider using Cloudflare's Magic Transit service, reflecting a broader trend of cybercriminals focusing on critical Internet infrastructure rather than individual websites. This shift threatens the backbone services that power modern digital communications and commerce.

Protective Measures and Industry Response

To combat these evolving threats, Cloudflare offers a free DDoS Botnet Threat Feed for service providers, helping over 600 organizations worldwide identify and remediate compromised devices within their networks. The feed provides real-time intelligence about attacking IP addresses, enabling proactive defense measures.

Organizations can protect themselves by implementing cloud-based volumetric DDoS protection, disabling obsolete services like QOTD and Echo protocols, securing IoT devices with updated firmware and changed default passwords, and applying intelligent rate-limiting for UDP traffic while preserving legitimate services.
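As an added example (not from Cloudflare's report or this article), one way to audit a Linux host for the legacy UDP services named above: the script parses `ss -H -uln` output and flags listeners on the well-known ports for Echo, QOTD, Portmap, NTP and RIPv1 that are bound to a non-loopback address. The sample output and all function names are constructed for illustration.

```python
import ipaddress
import re

# UDP services the article names as reflection/amplification vectors,
# keyed by their well-known port numbers.
REFLECTOR_PORTS = {7: "Echo", 17: "QOTD", 111: "Portmap", 123: "NTP", 520: "RIPv1"}

# Constructed sample of `ss -H -uln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
UNCONN 0 0 0.0.0.0:17 0.0.0.0:*
UNCONN 0 0 127.0.0.1:123 0.0.0.0:*
UNCONN 0 0 192.0.2.10:111 0.0.0.0:*
UNCONN 0 0 [::]:7 [::]:*
UNCONN 0 0 [::1]:520 [::]:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
"""

# Splits "addr:port" or "[v6addr]:port" into its two parts.
LOCAL_ADDR = re.compile(r"^\[?(?P<addr>.*?)\]?:(?P<port>\d+)$")

def is_loopback(addr):
    """True if the bind address is only reachable from the host itself."""
    try:
        return ipaddress.ip_address(addr.split("%", 1)[0]).is_loopback
    except ValueError:
        return False  # e.g. "*" (wildcard bind) is reachable from outside

def find_exposed_reflectors(ss_output):
    """Return (bind_address, port, service) for each reachable legacy listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if fields and fields[0].lower() == "udp":
            fields = fields[1:]  # some ss invocations print a Netid column
        if len(fields) < 4:
            continue
        match = LOCAL_ADDR.match(fields[3])
        if not match:
            continue
        addr, port = match["addr"], int(match["port"])
        if port in REFLECTOR_PORTS and not is_loopback(addr):
            findings.append((addr, port, REFLECTOR_PORTS[port]))
    return findings

if __name__ == "__main__":
    for addr, port, service in find_exposed_reflectors(SAMPLE_SS_OUTPUT):
        print(f"{service} listening on {addr} udp/{port}: disable or firewall it")
```

On a live host, pass the function the captured output of `ss -H -uln` in place of the sample string.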

The successful autonomous mitigation of this record-breaking attack demonstrates both the escalating sophistication of modern cyber threats and the critical importance of advanced, distributed defense systems in protecting the Internet's foundational infrastructure.
