Article Details
Scrape Timestamp (UTC): 2025-09-23 15:59:42.786
Original Article Text
Click to Toggle View
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack. Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). DDoS attacks typically exhaust either system or network resources, aiming to make services slow or unavailable to legitimate users. Record-breaking DDoS attacks are becoming more frequent, as just three weeks ago, Cloudflare disclosed that it mitigated a massive 11.5 Tbps and 5.1 Bpps attack, the largest publicly announced at the time. Two months before that, the company dealt with another ecord attack that peaked at 7.3 Tbps. In April, the internet giant warned that it was dealing with a record number of DDoS attacks this year. The latest DDoS incident, also volumentric, lasted 40 seconds and is by far the largest ever mitigated. Despite the short assault period, the volume of traffic directed at the victim was enormous, roughly equivalent to streaming one million 4K videos simultaneously. The packet rate of 10.6 Bpps can be translated to roughly 1.3 web page refreshes per second from every person on the planet. The large volume of packets makes it particularly difficult for firewalls, routers, and load balancers to process the requests, even if the total bandwidth is manageable. Although Cloudflare has not shared many details about the last two DDoS attacks, XLab research division at Chinese cybersecurity company Qi'anxin attributed an 11.5 Tb DDoS attack to the AISURU botnet. According to the researchers, AISURU has infected more than 300,000 devices worldwide, with a sudden increase occuring in April 2025 after the compromise of a Totolink router firmware update server. The botnet also targets vulnerabilities in IP cameras, DVRs/NVRs, Realtek chips, and routers from T-Mobile, Zyxel, D-Link, and Linksys. Picus Blue Report 2025 is Here: 2X increase in password cracking 46% of environments had passwords cracked, nearly doubling from 25% last year. Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Daily Brief Summary
Cloudflare successfully mitigated an unprecedented DDoS attack peaking at 22.2 terabits per second and 10.6 billion packets per second, marking the largest attack on record.
The attack, although brief at 40 seconds, generated traffic equivalent to streaming one million 4K videos simultaneously, posing significant challenges to network infrastructure.
The assault's packet rate of 10.6 Bpps strained firewalls, routers, and load balancers, demonstrating the evolving complexity and scale of modern DDoS threats.
Cloudflare's previous experience with large-scale DDoS attacks, including an 11.5 Tbps incident, underscores the increasing frequency and sophistication of these cyber threats.
The AISURU botnet, linked to the 11.5 Tbps attack, has compromised over 300,000 devices globally, exploiting vulnerabilities in various routers and IoT devices.
The attack's magnitude emphasizes the critical need for robust DDoS protection strategies and continuous monitoring to safeguard network availability and integrity.
Organizations should prioritize updating and securing network devices to mitigate risks associated with botnet-driven DDoS attacks.