Massive 22.2 Tbps DDoS Attack Sets New World Record

Cloudflare announced today that it has successfully mitigated the largest distributed denial-of-service (DDoS) attack ever recorded.

The hyper-volumetric assault peaked at a staggering 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), shattering the previous record of 11.5 Tbps.

This new high-water mark highlights a dramatic escalation in the scale and speed of modern cyber threats.

Record‐Breaking Speed and Scale

Unlike many prolonged DDoS campaigns, this record-breaking attack lasted only about 40 seconds.

 In that brief window, attackers unleashed a torrent of traffic more than double the size of the prior benchmark, a UDP flood that peaked at 11.5 Tbps and lasted 35 seconds.

By compressing massive volumes of traffic into a very short timeframe, threat actors aim to overwhelm defenses before they can mount an effective response.

These “hit-and-run” tactics demand automated, machine-driven detection and mitigation systems that can work in real time at machine speed.

The assault employed a multi-vector approach, combining different packet types and amplification methods to maximize its impact.

Such hyper-volumetric attacks are powered by vast botnets made up of compromised computers and Internet-of-Things devices.

Bot herders exploit poor security on home routers, cameras, and other connected devices to assemble armies of traffic-generating drones.

By orchestrating simultaneous UDP floods, SYN floods, and reflection attacks, they forge a deluge of malicious traffic capable of crippling even well-protected networks.

Cloudflare’s global network, with its edge-based architecture and machine-learning-driven analytics, detected and blocked the attack autonomously, without any human intervention.

Traffic was scrubbed as close to its source as possible, preventing the malicious packets from ever reaching the targeted servers.

This approach contrasts sharply with legacy DDoS scrubbing centers that rely on manual traffic redirection and analysis.

Those older systems simply cannot react fast enough or handle such extreme volumes. Cloudflare’s automated mitigation preserved the availability and performance of the affected online services throughout the intense but fleeting onslaught.

As cybercriminals continue to refine their techniques and expand their botnets, hyper-volumetric DDoS attacks are likely to grow in frequency and severity.

Organizations must therefore evaluate whether their security providers possess the network capacity and automated technology needed to withstand assaults at this unprecedented scale.

Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.