Junk traffic flood: Record DDoS attack on provider with 7.3 TBit/s
Large-scale DDoS attacks are becoming increasingly severe. Cloudflare reports an attack with a data rate of 7.3 terabits per second on a hosting provider.
In mid-May, Cloudflare blocked the "largest ever recorded" distributed denial-of-service (DDoS) attack, at 7.3 terabits per second (TBit/s), a rate previously thought hardly possible. The US provider of IT security and internet performance solutions announced this on Friday. The attack was around 12 percent larger than the previous record and delivered a massive data volume of 37.4 terabytes in just 45 seconds. That volume is not breathtaking in itself these days; the very short time in which it was delivered is.
"This is the equivalent of flooding your network with over 9350 full-length HD movies or streaming 7480 hours of high-definition video uninterrupted" in less than a minute, Cloudflare illustrates the data deluge. "Imagine if you could take 12.5 million high-resolution photos with your smartphone and never have a full storage space." And all in 45 seconds.
The target of the massive attack was a hosting provider, Cloudflare revealed without naming any names. The attack was successfully repelled. The cyber criminals had "bombarded an average of 21,925 target ports of a single IP address of our customer, with a peak value of 34,517 target ports per second". The attack traffic also came from a similar distribution of source ports. More than 122,145 source IP addresses were involved, spanning 5433 autonomous systems in 161 countries.
The infamous Mirai botnet was involved
According to Cloudflare, the attack used several vectors. The company categorized around 99.996 percent of the traffic as so-called UDP floods. In a UDP flood, an attacker sends a huge number of UDP (User Datagram Protocol) packets to random ports on a target server. Because UDP is connectionless, it is easier for malicious users to falsify the sender IP address of the packets (IP spoofing), which makes it more difficult to identify the actual source of the attack. The network and server resources of a target can thus quickly become overloaded.
Cloudflare identified the remaining 0.004 percent of the attack traffic, which amounted to 1.3 gigabytes, as attacks via various other Internet protocols such as the Network Time Protocol (NTP), the Quote of the Day Protocol (QOTD) or Echo and via portmapper services, which are used to identify network resources. In addition, one or more Mirai-based botnets were involved. These typically consist of compromised routers in homes and offices, webcams and other Internet of Things devices.
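The traffic pattern described above (UDP packets hitting thousands of distinct ports on a single IP address every second, plus a small share arriving from NTP, QOTD, Echo and portmapper ports) can be spotted in flow records. The following is an added example, not code from Cloudflare or from this article; the flow tuple layout, the thresholds and all sample records are constructed assumptions.

```python
from collections import defaultdict

# Well-known UDP ports of the services the article names (Echo, QOTD, portmapper, NTP).
NAMED_SERVICE_PORTS = {7: "Echo", 17: "QOTD", 111: "portmapper", 123: "NTP"}

def build_sample_flows():
    """Constructed flow records: (second, src_ip, src_port, dst_ip, dst_port, proto, bytes)."""
    victim, flows = "203.0.113.10", []
    # 40 sources spray 200 distinct UDP destination ports on one IP within second 100.
    for i in range(200):
        flows.append((100, f"198.51.100.{i % 40 + 1}", 40000 + i, victim, 1024 + i, "udp", 1400))
    # Five packets arriving from source port 123, as replies from NTP servers would.
    for i in range(5):
        flows.append((100, f"192.0.2.{i + 1}", 123, victim, 5000 + i, "udp", 468))
    # Ordinary traffic that must not raise an alert: two DNS queries and one TCP flow.
    flows.append((100, "198.51.100.200", 53123, "203.0.113.20", 53, "udp", 80))
    flows.append((101, "198.51.100.200", 53124, "203.0.113.20", 53, "udp", 80))
    flows.append((100, "198.51.100.201", 44321, victim, 443, "tcp", 1500))
    return flows

def detect_udp_floods(flows, min_ports=100, min_sources=20):
    """Alert per (dst_ip, second) when UDP hits many distinct ports from many sources.

    Keyed on the destination because UDP source addresses can be spoofed.
    Both thresholds are illustrative assumptions, not values from the article.
    """
    windows = defaultdict(lambda: {"ports": set(), "sources": set(),
                                   "bytes": 0, "services": defaultdict(int)})
    for second, src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        w = windows[(dst, second)]
        w["ports"].add(dport)
        w["sources"].add(src)
        w["bytes"] += size
        if sport in NAMED_SERVICE_PORTS:  # bytes sourced from a named service port
            w["services"][NAMED_SERVICE_PORTS[sport]] += size
    alerts = []
    for (dst, second), w in sorted(windows.items()):
        if len(w["ports"]) >= min_ports and len(w["sources"]) >= min_sources:
            alerts.append({"dst_ip": dst, "second": second,
                           "distinct_ports": len(w["ports"]),
                           "distinct_sources": len(w["sources"]),
                           "bytes": w["bytes"], "service_bytes": dict(w["services"])})
    return alerts

if __name__ == "__main__":
    for alert in detect_udp_floods(build_sample_flows()):
        print(alert)
```

Because spoofed sources inflate the source count, the distinct-port count per destination is the more reliable of the two signals; tune both thresholds against a baseline of normal traffic.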
Cloudflare says it recorded a massive increase in DDoS attacks in the first quarter of 2025 and blocked 20.5 million such attacks. This corresponds to an increase of 358 percent compared to the first three months of the previous year. Important service providers in the Internet infrastructure sector were particularly affected. The Federal Criminal Police Office regularly classifies DDoS attacks as a high threat in its cybercrime situation reports. It primarily suspects "hacktivists" from the pro-Russian or anti-Israeli camp of being behind these attacks. Together with international partners, the authority is taking action against services that facilitate such attacks.
(nen)