The largest ever DDoS attack has just been blocked - here's how it was done

News
By published

Cloudflare says it mitigated a 3.8Tbps DDoS attack

DDoS attack
(Image credit: FrameStockFootages / Shutterstock)

Cloudflare has claimed to have recently mitigated the biggest Distributed Denial of Service (DDoS) attack in history.

In a company blog post, Cloudflare outlined how, throughout September 2024, an unnamed threat actor targeted multiple customers in the financial services, internet, and telecommunication industries, among others.

Without naming any specific targets, Cloudflare said that the attack campaign targeted bandwidth saturation, as well as resource exhaustion of in-line applications and devices.

Bots across the world

The attack included “over one hundred hyper-volumetric L3/4 DDoS attacks”, many of which exceeded 2 billion packets per second (Bpps), and 3 terabits per second (Tbps).

A hyper-volumetric L3/4 DDoS attack is a type of DDoS attack targeting layers 3 (network) and 4 (transport) of the OSI model (framework that standardizes network communication). It overwhelms the target’s bandwidth or network infrastructure with massive amounts of traffic, often using techniques like UDP floods or TCP SYN floods. The goal is to exhaust the resources of the target system, making it unavailable to legitimate users.

Of all the attacks, one stood out - when it peaked at 3.8 Tbps. This is, according to Cloudflare, “the largest ever disclosed publicly by any organization.” It predominantly leveraged UDP on a fixed port, the company said, and originated from across the globe. The majority of the endpoints used in the attack came from Vietnam, Russia, Brazil, Spain, and the US.

Detection and mitigation was all automatic, Cloudflare says. It added that the key reason why it was able to tackle it was because the company has servers across the world, which essentially water down incoming botnet traffic.

Generally, DDoS attacks are done via botnets - vast networks of compromised endpoints such as routers, smart home devices, and similar. These attacks included traffic from MikroTik devices, DVRs, and web servers, as well as compromised ASUS home routers, which were likely exploited using a CVE 9.8 (Critical) vulnerability that was recently discovered by Censys.

Before this one, the largest-ever observed DDoS attack was 3.47 Tbps strong, and was mitigated by Microsoft in November 2021.

Via PCMag

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
DDoS Attack
World's largest DDoS attack blocked, Cloudflare claims
An image of network security icons for a network encircling a digital blue earth.
Standing strong against hyper-volumetric DDoS attacks
Web DDoS attacks see major surge as AI allows more powerful attacks
An image of security icons for a network encircling a digital blue earth.
Best DDoS protection of 2025
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Another huge new botnet is infecting thousands of webcams and video recorders for DDoS attacks
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Latest in News
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
Forget AI – WhatsApp is planning a simple messages feature that could be its most useful upgrade in years
NordicTrack Ultra 1
The new NordicTrack Ultra 1 treadmill looks like it was designed by an architect and costs $15,000
More about security
An American flag flying outside the US Capitol building against a blue sky

The FCC is creating a security council to bolster US defenses against cyberattacks
Ransomware

Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
An image of the Samsung Galaxy S25 Ultra from a hands-on event

Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
See more latest
Most Popular
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 14 (game #1145)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 14 (game #642)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 14 (game #376)
Verizon logo on a building with blue sky above
Millions of Americans are missing out on cheap unlimited cloud storage - how to check if you are one of them
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
The Toyota FT-Me Concept sitting in a car park
Toyota's self-charging concept EV could help you tackle the daily commute on solar power alone
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Global Special Forces server
AI server designed for Chinese military use wins major global design award in Europe