Cloudflare stops record-breaking DDoS attacks up to 11.5 Tbps in recent weeks

Cloudflare has reported that over the past few weeks its defense systems have been working “against the clock” to mitigate hundreds of ultra-volume DDoS attacks, some of unprecedented scale. According to the company, the largest peaked at 5.1 billion packets per second (Bpps) and 11.5 terabits per second (Tbps).

The most powerful attack was identified as a UDP flood, initially attributed to traffic originating from Google Cloud. However, a subsequent update from the company clarified that the attack was generated by a combination of compromised IoT devices and multiple cloud providers, including Google Cloud, but not predominantly from it.


A New Level of Ultra-Volume Attacks

DDoS attacks have increased in frequency and severity in recent years, but the incident reported by Cloudflare confirms a particularly worrying trend: cybercriminals are now achieving volumes exceeding 10 Tbps. This capacity could threaten the connectivity of entire regions if proper defenses were not in place.

In this case, the company emphasizes that its auto-mitigation systems successfully blocked the malicious traffic without causing significant disruption to customers.


IoT and Cloud: The New Face of Botnets

The composition of the 11.5 Tbps attack reveals another key aspect: the combination of networks of compromised IoT devices—such as cameras, home routers, or smart appliances with poor configurations—with resources in the cloud from various providers.

This hybridization of traditional botnets with poorly utilized cloud resources multiplies the attackers’ capacity. While IoT devices provide volume, cloud infrastructure adds bandwidth and globally distributed IP addresses, making attack detection and blocking more challenging.


Cloudflare and Autonomous Defense

The company explained that its mitigation systems, based on artificial intelligence and network rules distributed across its global infrastructure, were able to:

  • Automatically detect spikes in malicious traffic.
  • Differentiate between legitimate requests and attacks.
  • Redistribute traffic within the network to absorb pressure.

This approach, which eliminates the need for immediate manual intervention, is critical during attacks reaching billions of packets per second, where human reaction would be insufficient.


Context and Next Steps

Cloudflare has pledged to release a detailed technical report in the coming days, including a breakdown of the traffic and source attribution of the attack. The company points out that the incident was not isolated; during the same period, hundreds of ultra-volume attacks were mitigated across different regions, suggesting a coordinated wave of DDoS campaigns.


Conclusion

The 11.5 Tbps attack marks a new milestone in the escalation of global cyber threats. The combination of vulnerable IoT devices and exposed cloud resources presents an increasingly formidable challenge for defenses. However, Cloudflare’s ability to neutralize it demonstrates that distributed and autonomous mitigation infrastructure is key to maintaining internet resilience against such threats.


FAQ (Frequently Asked Questions)

What does an 11.5 Tbps attack mean?
It is a distributed denial-of-service (DDoS) attack generating 11.5 terabits per second of malicious traffic, enough to saturate even large-scale network infrastructures if they are unprotected.

Where did the attack originate?
From a combination of IoT device botnets and cloud resources from multiple providers. While Google Cloud was one source, it was not the majority of the traffic.

How did Cloudflare mitigate the attack?
Using an autonomous detection and mitigation system that analyzes traffic in real time, filters malicious content, and redistributes loads across its global network.

What does this imply for the future of internet security?
DDoS attacks are expected to continue escalating in scale and sophistication, making it essential to combine robust infrastructure resilience, AI security applications, and collaboration among cloud providers to reduce their impact.
