Cloudflare blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which peaked at 5.6 terabits per second (Tbps), and reported a staggering 53% increase in overall DDoS threats during 2024.
The assault lasted for 80 seconds. A Mirai-variant botnet launched the attack through 13,000 compromised Internet of Things devices. It primarily targeted an internet service provider in Eastern Asia. Cloudflare’s autonomous systems neutralized the threat without human intervention or service disruption.
“It required no human intervention, didn’t trigger any alerts, and didn’t cause any performance degradation. The systems worked as intended,” Cloudflare wrote in its latest quarterly threat report.
These threats have grown dramatically in scale and frequency. The company blocked approximately 21.3 million DDoS attacks in 2024, compared to 14 million in 2023. Attacks exceeding one terabit per second surged 1,885% between the third and fourth quarters of 2024.
“The rise in attack size renders capacity-limited cloud DDoS protection services or on-premise DDoS appliances obsolete,” Cloudflare stated.
The nature of these attacks has also evolved. Nearly three-quarters of HTTP DDoS attacks came from known botnets, while 11% came from clients impersonating legitimate browsers. The remaining attacks involved suspicious HTTP attributes and other vectors.
Geographical patterns show Indonesia as the primary source of attacks, followed by Hong Kong and Singapore. China remained the most targeted country, with the Philippines and Taiwan completing the top three most affected regions.
The telecommunications sector faced the heaviest assault, followed by internet companies and marketing firms. The banking sector, previously the most targeted industry, dropped to eighth place in the fourth quarter.
Ransom-motivated attacks increased significantly, with 12% of Cloudflare customers reporting extortion attempts – a 78% quarter-over-quarter increase.
The speed of modern attacks has made human response times inadequate. About 91% of network-layer DDoS attacks now end within ten minutes, making automated defenses essential. These rapid assaults often coincide with peak usage periods, such as holidays and major sales events, to maximize disruption.
“Too many organizations only implement DDoS protection after suffering an attack,” Cloudflare noted. “Our observations show that organizations with proactive security strategies are more resilient.”
Cloudflare’s network has a capacity of 321 Tbps. The company has expanded its global presence from 200 cities in 2020 to 330 cities by the end of 2024. This expansion reflects the growing need for robust, automated defense systems capable of handling increasingly sophisticated cyber attacks.