Cloudflare claims to have mitigated biggest DDoS attack on record with requests flying in from 5,500 IP addresses per second

News
By
published

Nothing strikes fear in my heart quite like the phrase 'hypervolumetric DDoS attack'.

3D illustration of a grid of black cpus with different IoT symbols, representing a botnet concept
(Image credit: BeeBright via Getty Images)

DDoS attacks have only gotten more sophisticated as time goes on. An increasingly popular tactic among bad actors is to hit hard and fast in what are described as 'hypervolumetric' attacks. For instance, last October one ISP based in East Asia was pummeled by a botnet at a rate of 5.6 terabit per second.

According to Cloudflare's quarterly DDoS threat report, the incident on October 29 was the largest attack of its kind ever reported (via Bleeping Computer). The volley was launched from a Mirai-based botnet of 13,000 compromised devices, lobbing requests from about 5,500 unique IP addresses per second.

Breaking it down further, Cloudflare shared, "The average contribution of each IP address per second was around 1 Gbps (~0.012% of 5.6 Tbps)."

Despite the eye-watering rate of this barrage, the entire attack only lasted 80 seconds. Naturally Cloudflare took the opportunity to toot its own horn, sharing that the attack was autonomously mitigated by its distributed defense systems.

The company shared, "It required no human intervention, didn’t trigger any alerts, and didn’t cause any performance degradation. The systems worked as intended."

To briefly recap, DDoS stands for Distributed Denial of Service and describes a cyber attack launched from multiple sources with the aim of making a targeted web service or device unavailable for normal use. For one recent example, last year Final Fantasy 14 was the target of the largest scale DDoS attack the game had seen in a decade, resulting in hours-long login queues just for a start.

Cloudflare's latest DDoS threat report shares a smorgasbord of data that I'm now going to serve up charcuterie-style. For instance, did you know that during the last half of 2024, Indonesia remained the largest source of DDoS attacks?

The company also says they've seen an uptick in hypervolumetric DDoS attacks, with a sharp quarter on quarter spike through the winter of 2024. The company shared, "The amount of attacks exceeding 1 Tbps increased by 1,885% QoQ and attacks exceeding 100 Million pps (packets per second) increased by 175% QoQ."

That said, Cloudflare claims that most of the HTTP and network layer DDoS attacks the company observed lasted less than 10 minutes—hence the move towards automated protection. Cloudflare explains, "Because the duration of most attacks is so short, it is not feasible, in most cases, for a human to respond to an alert, analyze the traffic, and apply mitigation."

Best gaming PCBest gaming laptop


Best gaming PC: The top pre-built machines.
Best gaming laptop: Great devices for mobile gaming.

TOPICS
Jess Kinghorn
Jess Kinghorn
Hardware Writer

Jess has been writing about games for over ten years, spending the last seven working on print publications PLAY and Official PlayStation Magazine. When she’s not writing about all things hardware here, she’s getting cosy with a horror classic, ranting about a cult hit to a captive audience, or tinkering with some tabletop nonsense.

See comments