Cloudflare has successfully blocked the largest distributed denial-of-service (DDoS) attack ever recorded, marking a significant moment in the escalating battle against cyber threats. The attack peaked at an unprecedented 7.3 terabits per second (Tbps), targeting an unnamed hosting provider and unleashing 37.4 terabytes of data in just 45 seconds. Cloudflare’s Magic Transit service absorbed the blow, which was composed almost entirely—99.996%—of User Datagram Protocol (UDP) flood attacks.
While UDP is commonly used for real-time applications like streaming and gaming due to its speed, that same characteristic makes it vulnerable to exploitation in high-volume cyberattacks.
The remaining 0.004% of the traffic—about 1.3 GBps—included various amplification and reflection attack methods such as NTP reflection, Echo reflection, Mirai UDP flood, and RIPv1 amplification. This sliver alone would be enough to cripple most unprotected systems.
What set this attack apart wasn’t just volume but velocity—it carpet-bombed an average of 21,925 destination ports per second, with peaks reaching 34,517 ports on a single IP address. The attack originated from over 122,000 unique IP addresses spanning 161 countries, with the most significant traffic coming from Brazil, Vietnam, Taiwan, China, Indonesia, and Ukraine.
This historic attack is part of a growing wave of DDoS incidents. In the first quarter of 2025 alone, Cloudflare mitigated 20.5 million DDoS attacks—a staggering 358% increase from the same period last year. Nearly 700 of these were hyper-volumetric attacks, averaging eight per day and overwhelmingly leveraging network-layer vulnerabilities via UDP floods.
Earlier this year, Cloudflare had also defended against a 6.5 Tbps strike linked to the Eleven11bot botnet, composed of tens of thousands of compromised webcams and IoT devices.
The rise in DDoS activity is not just a technical issue—it’s being fueled by geopolitical tensions as well. According to Radware’s director of threat intelligence, Pascal Geenens, hacktivist DDoS attacks against U.S. targets surged by 800% in just two days in June, following U.S. involvement in the Israel-Iran conflict. Radware’s 2025 Global Threat Analysis Report highlights a 550% global increase in web-based DDoS attacks and a near 400% year-over-year growth in overall DDoS traffic volume. Experts warn that these attacks are only going to become more frequent and intense.
To counter this threat, experts recommend a multi-layered defense strategy.
Partnering with specialized DDoS mitigation providers such as Cloudflare, Akamai, Imperva, or Radware is essential for organizations that lack the infrastructure to defend against large-scale attacks. Blocking traffic from known malicious Autonomous System Numbers (ASNs) and using geoblocking can filter out harmful sources, although attackers often bypass these measures with spoofed IPs or botnets. Distributing network infrastructure can prevent single points of failure, while configuring routers and firewalls to block unsafe protocols like ICMP and FTP adds an additional line of defense.
Businesses are also advised to work closely with their internet service providers to filter unnecessary traffic upstream.
Deploying Web Application Firewalls (WAFs) is critical for defending against application-layer threats, and using multiple DNS providers with DNSSEC can ensure site availability even during attacks. Specialized tools like Wordfence for WordPress add another layer of protection for widely used platforms.
Importantly, no single solution is sufficient. Organizations must adopt layered defenses and routinely test their systems through red team exercises using tools like HULK, hping3, or GoldenEye to identify vulnerabilities before attackers exploit them. Even small websites are no longer safe from DDoS campaigns. As cybersecurity journalist Steven Vaughan-Nichols noted, his personal site faces about a dozen DDoS attacks every week. In today's threat landscape, robust DDoS defense isn't a luxury—it’s a necessity.
