Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack

The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices.

Cyber Security News
6 hours ago
Record-breaking 5.6 Tbps DDoS Attack From 13,000 Mirai Hacked Devices

Security and connectivity services provider Cloudflare says that the assault lasted 80 seconds but had no impact on the target and generated no alerts because its detection and mitigation was completely autonomous.

Contribution of each IP in the attack
Contribution of each IP address in the DDoS attack
Source: Cloudflare

An earlier DDoS attack that Cloudflare reported in early October  2024 peaked at 3.8 Tbps, lasted for 65 seconds, and held the record for the largest volumetric assault.

Hyper-volumetric attacks on the rise
Hyper volumetric DDoS attacks have started to become more frequent, a trend that became noticeable in the third quarter of 2024, according to Cloudflare. In the fourth quarter of the year attacks started to exceed 1Tbps, with a quarter-over-quarter growth of 1,885%.
Attacks that exceeded 100 million packets per second (pps) also increased by 175%, with a notable 16% of them also going over 1 billion pps.
Overview of DDoS attack numbers in Q4 '24
Overview of DDoS attack numbers in Q4 '24
Source: Cloudflare

Hyper-volumetric HTTP DDoS attacks only accounted for 3% of the total recorded, with 63% of the remaining being small attacks that did not exceed 50,000 requests per second (rps).

The stats are similar for network layer (Layer 3/Layer 4) DDoS attacks, where 93% did not go beyond 500 Mbps, and 87% were limited to numbers below 50,000 pps.

Blitz DDoS attacks
Cloudflare warns that DDoS attacks are becoming increasingly short-lived, to a point that it is impractical for a human to respond, analyze the traffic, and apply mitigations.
Roughly 72% of HTTP and 91% of network layer DDoS attacks ended in less than10 minutes. On the other side of the spectrum, only 22% of HTTP and 2% of network layer DDoS attacks lasted for more than an hour.
Duration of DDoS attacks in Q4 24'
Duration of DDoS attacks in Q4 '24
Source: Cloudflare

The internet security firm says these short bursts of overwhelming traffic usually occur during peak usage periods, like during holidays and sales events for a maximum impact.

This lays the ground for ransom DDoS attacks, which also had a notable 78% increase QoQ and 25% growth YoY, peaking during Q4 and the Christmas holiday season.

Cloudflare clients targeted by ransom DDoS actors
Cloudflare clients targeted by ransom DDoS actors
Source: Cloudflare
“The short duration of attacks emphasizes the need for an in-line, always-on, automated DDoS protection service,” Cloudflare says.
  • The company says that the most attacked targets in the last quarter of 2024 were in China, Philippines, and Taiwan, followed by Hong Kong and Germany.
Cloudflare's telemetry data shows that most of the targets were in the telecommunications, service providers and carriers industry, internet sector, and marketing and advertising.

Related Articles:

New Mirai botnet targets industrial routers with zero-day exploits

Malware botnets exploit outdated D-Link routers in recent attacks

Juniper warns of Mirai botnet scanning for Session Smart routers

MikroTik botnet uses misconfigured SPF DNS records to spread malware

FBI deletes Chinese PlugX malware from thousands of US computers