Cloudflare recently thwarted a record-breaking 3.8 Tbps Distributed Denial-of-Service (DDoS) attack, the largest ever disclosed to the public. This attack occurred as part of a sustained month-long campaign of hyper-volumetric Layer 3/4 attacks, with Cloudflare automatically mitigating over 100 incidents, many exceeding 2 billion packets per second (Bpps). The largest of these attacks peaked at 3.8 Tbps, lasting 65 seconds, and was autonomously detected and blocked by Cloudflare’s defenses without impacting customer performance.
The majority of these attacks targeted companies in the financial services, internet, and telecommunications sectors. Cloudflare’s global anycast network allowed the attacks to be distributed across multiple data centers worldwide, diluting the impact. The attacks primarily utilized compromised devices such as MikroTik routers, ASUS home routers, DVRs, and web servers, with the attackers leveraging vulnerabilities in these devices to orchestrate the floods of traffic.
Cloudflare’s DDoS protection is fully automated, utilizing technologies like XDP and eBPF to sample traffic, generate real-time signatures, and drop malicious packets efficiently. “Our autonomous detection and mitigation systems protect customers from the most significant attacks on the internet,” said a Cloudflare spokesperson. This level of protection is extended to customers using its reverse proxy, WAF, CDN, Spectrum, and Magic Transit services.
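The sample, signature, drop loop described above can be modelled in a few lines of user-space Python. This is an added illustration, not Cloudflare's code, and it does not use XDP or eBPF: the header fields, the 1-in-100 sampling rate, the 80% share threshold, the three-field minimum and the traffic itself are all constructed assumptions.

```python
import random
from collections import Counter
from itertools import combinations

FIELDS = ("proto", "dst_port", "length", "ttl")  # assumed header fields

def sample(packets, one_in):
    """Keep every Nth packet, a cheap stand-in for in-kernel sampling."""
    return packets[::one_in]

def generate_signature(samples, min_share=0.8, min_fields=3):
    """Return the most specific field/value set shared by >= min_share of the
    samples, or None. min_fields stops a broad pattern that normal traffic
    also has (e.g. just proto + port) from becoming a drop rule."""
    if not samples:
        return None
    for size in range(len(FIELDS), min_fields - 1, -1):  # most specific first
        for fields in combinations(FIELDS, size):
            counts = Counter(tuple(p[f] for f in fields) for p in samples)
            values, hits = counts.most_common(1)[0]
            if hits / len(samples) >= min_share:
                return dict(zip(fields, values))
    return None

def matches(sig, pkt):
    return all(pkt[f] == v for f, v in sig.items())

def mitigate(packets, sig):
    """Drop packets matching the signature; return (passed, dropped_count)."""
    passed = [p for p in packets if not matches(sig, p)]
    return passed, len(packets) - len(passed)

def build_traffic(seed=1):
    """Constructed sample: 9,500 same-shape flood packets and 500 legitimate
    ones. 'legit' is a ground-truth label, never used for matching."""
    rng = random.Random(seed)
    flood = [{"proto": 17, "dst_port": 443, "length": 1400, "ttl": 54,
              "legit": False} for _ in range(9500)]
    legit = [{"proto": 6, "dst_port": 443, "length": rng.randint(60, 1200),
              "ttl": rng.choice((57, 118, 245)), "legit": True}
             for _ in range(500)]
    packets = flood + legit
    rng.shuffle(packets)
    return packets

if __name__ == "__main__":
    traffic = build_traffic()
    sig = generate_signature(sample(traffic, 100))
    passed, dropped = mitigate(traffic, sig)
    print(sig, "dropped:", dropped, "passed:", len(passed))
```

Run against legitimate traffic alone, `generate_signature` returns `None`; lowering `min_fields` to 2 would instead yield a rule matching every legitimate packet, which is why signature specificity matters as much as speed.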
• Largest DDoS attack peaked at 3.8 Tbps
• Cloudflare mitigated over 100 hyper-volumetric attacks in one month
• Attacks primarily targeted financial services, telecom, and internet companies
• Originated from compromised devices including MikroTik routers and ASUS home routers
• Detection and mitigation were fully automated using real-time signatures