In a recent cybersecurity development, Cloudflare successfully mitigated a record-breaking DDoS (Distributed Denial of Service) attack, peaking at a staggering 11.5 Tbps. This unprecedented assault, which was a UDP flood, originated predominantly from Google Cloud and was part of a larger, weeks-long campaign of cyberattacks. The sheer scale of this attack surpasses any previously reported DDoS incidents, highlighting the escalating threat landscape in the digital world. Cloudflare’s ability to defend against such a massive flood of malicious traffic underscores the critical role that large-scale cybersecurity infrastructure plays in protecting the internet. The company stated on its X (formerly Twitter) account that it had been fending off hundreds of these attacks, with this particular incident being the largest and most intense.
The 11.5 Tbps DDoS attack, which lasted for approximately 35 seconds, was a significant escalation from a similar incident in Q2 2025. During that quarter, Cloudflare had already reported blocking a record-setting attack that peaked at 7.3 Tbps and 4.8 billion packets per second (Bpps). The more recent 11.5 Tbps attack represents a 12% increase over this previous record, surpassing it by more than 1 Tbps. This rapid increase in the size of DDoS attacks indicates that cybercriminals are employing more sophisticated and powerful methods to disrupt online services. The attacks demonstrate a trend toward higher bandwidth and packet-per-second rates, making them more challenging to mitigate.
To put the scale of the 7.3 Tbps attack into perspective, it blasted 37.4 TB of data in just 45 seconds. This immense volume of data is equivalent to streaming over 9,350 full-length HD movies or downloading 9.35 million songs in under a minute. Another way to visualize this is that the data transferred is equivalent to a year of nonstop HD video or 4,000 years’ worth of high-resolution daily photos, all compressed into less than a minute. While 37.4 terabytes of data might not seem extraordinary on its own, the speed at which it was delivered is what makes this attack so noteworthy and malicious.
The rapid and concentrated nature of the data flood is designed to overwhelm a target’s network infrastructure, causing a complete disruption of service.
The Cloudflare report on the Q2 2025 attack emphasized this point, noting that while the total data volume was not staggering, the speed was. The report highlighted the analogy of flooding a network with 7,480 hours of high-definition video in just 45 seconds, which is a nearly a year’s worth of back-to-back binge-watching. This analogy effectively illustrates the crippling effect of such an attack on a targeted network. The sheer volume and velocity of the attack are designed to saturate network links, exhaust server resources, and prevent legitimate traffic from reaching the intended destination.
The attackers meticulously focused on a single IP address, targeting an average of 21,925 ports per second and peaking at 34,517 ports per second. The source ports of the attack were similarly diverse, further complicating the defense efforts. The attackers were essentially attempting to overwhelm every possible entry point on the target server simultaneously. This broad and rapid port distribution is a common tactic in sophisticated DDoS attacks, as it makes it harder for network security systems to distinguish between legitimate and malicious traffic. By distributing the attack across thousands of ports, the attackers increased the chances of finding an open or vulnerable point of entry to flood with traffic, ultimately aiming to bring down the targeted service.
Reference:
