Cloudflare A strong content is a distribution network (CDN) that specializes in providing protection against distributed refusal (DDOS) attacks. Last month, cloudflare The biggest DDOS attack in internet history blocked,
The attack reached a shocking 7.3 terabites per second (TBPS). This is a data deluse, which is equivalent to streaming to about 10,000 high-language films within a minute.
The attack targeted an anonymous hosting provider using a cloudflair Magic Transit DDOS Protection Service And recorded 37.4 terabytes of data in just 45 seconds. The attack included almost completely (99.996%) of the user Datagram Protocol (UDP) (UDP) Flood attack,
Also: How to protect your site from DDOS attacks – before it is too late
Thanks to its high data transmission speed, UDP is usually used for real -time applications such as gaming and streaming. The same facility lends itself for attacks. UDP-based floods have become rapidly common in hyper-velumatric attacks, which defines Cloudflair as over 1 TBPS.
Minutes, 0.004%, 1.3 gigabytes per second (GBPS), were made of these other attack types – Qotd image, Echo reflection, NTP image, Mirai Udap flood, Portmap floodAnd Ripv1 amplification0.004% alone would have sufficient to knock the most unsafe sites from the Internet.
The 7.3 TBPS attack represents a 12% increase in the previous record and carries forward the notorious DDOS attack on security journalist Brian Krebs By a full terabit per second. That attack was thwarted Project shieldA free Google service for risky organizations from large -scale DDOs attacks.
While 37.4 TB may not look extraordinary in today’s data conditions, the velocity of the attack – destroying that volume in less than a minute – set a new benchmark for DDOS intensity. The carpet-bombings of the attack reached 34,517 ports per second at an IP address, on an average of 21,925 destination ports per second.
This special attack was highly distributed, originating from 122,145 sources IP addresses in 161 countries. Most of this malicious traffic came from Brazil, Vietnam, Taiwan, China, Indonesia and Ukraine.
According to Cloudflare, this record-setting attack comes amid a dramatic bounce in DDOs attacks. In the first quarter of 2025 alone, Cloudflare reduces 20.5 million DDOS attacksThis is an increase of a 358% year-on-year and matches the total for all in 2024. The company has reported to block approximately 700 hyper-volumetric attacks in Q1, which is eight eight average per day, taking advantage of the vast majority network-layer attacks UDP-based floods.
Also: Why are your secret weapons against AI-AI-driven security equipment against tomorrow’s attacks
Earlier in 2025, Cloudflare successfully defended the 6.5 TBPS attack Eleven11bot botnetTens of thousands of compromised webcams and video recorders made. There will be more such attacks, and they will be even bigger.
For example, while things have cooled with Iran (for now), Cloud Security Company Redware Pascal Geinens, director of the danger, told me, “Between 21-22 June 2025, the claims of the havtivist DDOS attack increased by 800% after their participation in the Israeli-Iran struggle against the United States.”
First, 2025 global danger analysis report of redware It has been said that globally “web DDOS attacks increase by 550%”, “DDOS attack volume is about 400% year-on-year.” My friend, this is only worse.
Also: Navigating AI-operated cyber threats in 2025: 4 expert safety tips for businesses
What can you do about it? There are many ways to reduce DDOS attacks. Here is a summary:
Participation with DDOS mitigation: If you are not already, get a contract with a DDOS defense organization like AkamaiCloudflare, ImpervaOr redware. They have expertise and infrastructure to handle large -scale attacks; You do not do almost certainly.
Block traffic from known poor autonomous system number (ASNS): This can prevent some malicious activities, such as by filtering traffic from sources with spam, botnets and DDOS attacks, history of misconduct. This is geo -locking related to it. Here, the trick is to block traffic from a specific country or region.
However, it is not almost as effective as you can think. The problem is that most lovers can ignore Jioblocking using attacker techniques Internet protocol ip spoofing Or use A wireless router, DVR, or webcam -running botet To attack you.
Also: 16 billion passwords leaked from Apple, Google and Facebook? How to save yourself
Distributed Network: Spreading your network infrastructure helps avoid single points of failure and hurdles that can exploit DDOS attacks.
Router and Firewall Configuration: Your own routers and firewalls can help. Set them to release junk packets and block unsecured protocols such as ICMP, FTP and Telnet on the network age. If you do not have a firewall and intrusion prevention system (IP), which are hard enough to handle large traffic volumes without performance, buy them.
Upstream ISP Cooperation: Work with your internet service provider (ISP) to block unnecessary or unwanted upstream traffic. For example, if you do not need UDP traffic, let it reach your front-end server? Block it in advance!
Also: Why no small business is too small for hackers – and 8 security practices for SMBS
Web app firewall (WAF): Against these special rescue Layer 7 application attacks It is necessary to block the malicious traffic that targets web applications.
Many DNS providers and DNSSEC: Using more than one DNS provider safe with DNSSEC can help maintain the availability of the site, even if a provider is taken down by the DDOS attack.
Special Software Defense: Some programs, such as Of WordPressUsing special applications designed to save them can benefit. For example, I will never run without WordPress Wordfense,
Leveled rescue: This is not enough to use only one or two or three of these defense. Businesses require many, overlapping security measures to ensure that they can continue to do so if there is a violation of one or more of their defensive walls.
Also: How will AI change cyber security in 2025 – and supercharged cybercrime
Red Team Testing: Finally, such as imitating attacks with equipment, constantly test your defense Gold eye, hping3And Hulk An agreement is made to identify and address weaknesses before your website or company network access.
If you feel that your company or organization is too young to worry about defending your sites and networks against an DDOS attack, then think again.
I have a small site, Practical technologyWhose only task is to host copies of my stories. On the hardware behind the site, I also maintain my own next Server, an email server, an off-site backup server and several tests Linux Server. On average – average – I find a dozen DDOS attacks a week. These days, maintaining a stout DDOS defense is not just a good idea, this is a need.
Be ahead of security news with Tech todayReacted every morning to his inbox.
