Cloudflare Mitigated DDoS Attack Reaching 3.8 Tbps October 2, 2024October 5, 2024 Matthew Prince, the CEO of Cloudflare, recently disclosed that the company has encountered an unprecedented DDoS attack, which peaked at a staggering 3.8 terabits per second (Tbps) and 2.14 billion packets per second (Pps). Source: Cloudflare Notably, this attack targeted a yet-to-be-named customer of an undisclosed hosting provider that relies on Cloudflare’s services. Furthermore, this incident highlights the growing threat of DDoS attacks in today’s digital landscape, emphasizing the need for enhanced security measures to protect vulnerable systems. Record-Breaking Attack To provide context, the previous record for volumetric DDoS attacks was established in late 2021 when Microsoft faced an attack that peaked at 3.47 Tbps and 340 million Pps. Moreover, prior to this recent incident, Cloudflare’s largest recorded attack reached 2.6 Tbps. This comparison illustrates the increasing scale of DDoS attacks, highlighting the urgent need for improved security measures. Furthermore, this comparison highlights the significant escalation in the scale and intensity of DDoS attacks, emphasizing the evolving threat landscape that organizations must navigate. As such, the recent attack not only sets a new benchmark but also underscores the urgent need for enhanced security measures to protect against these increasingly sophisticated threats. In addition, in the realm of network protocol attacks, OVHcloud reported a significant attack in July 2024, which peaked at 840 million Pps. For application layer DDoS attacks, the HTTP/2 Rapid Reset method has set a new benchmark, with an attack peaking at 398 million requests per second (Rps), as reported by Google. This figure surpassed the previous record of 71 million Rps. Moreover, Cloudflare and AWS reported their own HTTP/2 Rapid Reset attacks around the same timeframe, with peak rates of 201 million Rps and 155 million Rps, respectively. In a blog post released on Tuesday morning, Cloudflare revealed that the record-breaking attack was part of a month-long campaign that commenced in early September. Throughout this period, the company successfully mitigated over 100 “hyper-volumetric L3/4 DDoS attacks,” many of which exceeded 2 billion Pps and 3 Tbps. Conclusion Finally, the campaign primarily targeted clients in the financial services, telecommunications, and internet sectors. The attacks originated from compromised systems worldwide, including locations in Vietnam, Russia, Brazil, Spain, and the United States, leveraging compromised web servers, DVRs, and routers. This incident underscores the increasing sophistication and scale of DDoS attacks in the current digital landscape. This article prepared based on Cloudflare Blog Cyber Security CloudflareCyber SecurityDDOSWeb Security