{"id":4799,"date":"2025-06-21T10:04:19","date_gmt":"2025-06-21T10:04:19","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/06\/21\/record-breaking-7-3-tbps-ddos-attack-blasting-37-4-terabytes-in-just-45-seconds\/"},"modified":"2025-06-21T10:04:19","modified_gmt":"2025-06-21T10:04:19","slug":"record-breaking-7-3-tbps-ddos-attack-blasting-37-4-terabytes-in-just-45-seconds","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/06\/21\/record-breaking-7-3-tbps-ddos-attack-blasting-37-4-terabytes-in-just-45-seconds\/","title":{"rendered":"Record Breaking 7.3 Tbps DDoS Attack Blasting 37.4 Terabytes in Just 45 Seconds"},"content":{"rendered":"<div>\n<p>The largest distributed <a href=\"https:\/\/cybersecuritynews.com\/ddos-attacks-use-iot-devices\/\" target=\"_blank\" rel=\"noreferrer noopener\">denial-of-service (DDoS)<\/a> attack ever documented was successfully stopped by Cloudflare in mid-May 2025, with attackers unleashing a devastating 7.3 terabits per second (Tbps) attack that delivered 37.4 terabytes of malicious traffic in just 45 seconds.\u00a0<\/p>\n<pre class=\"wp-block-code\" style=\"font-size:14px\"><code><strong><mark style=\"background-color:rgba(0, 0, 0, 0);color:#0733a2\" class=\"has-inline-color\">Summary<\/mark><\/strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">\n<\/mark>1. Cloudflare blocked a record 7.3 Tbps DDoS attack in mid-May 2025, delivering 37.4 TB of malicious traffic in 45 seconds.\n2. Targeting a hosting provider using Cloudflare's Magic Transit, the attack surpassed the previous record by 12%.\u00a0\n3. It used sophisticated multi-vector techniques, mainly UDP floods (99.996%), with additional amplification attacks.\n4. 
Zero-touch architecture with anycast routing and gossip protocol quickly contained the attack, showcasing unparalleled scalability.<\/code><\/pre>\n<p>This unprecedented cyberattack targeted a hosting provider customer using Cloudflare\u2019s Magic Transit service and represents a 12% increase over the previous record, demonstrating the escalating scale and sophistication of modern DDoS campaigns.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXeC-LbpcpvpwD8wXL_v4GS_mOB5AZ4gt8jyqTk0KJizuTdRRjdRo7_Z2Pf2pSrR1z3XAjitXwd3U6NVK7qEuy-9eJxGVPIvL3lEIqpSpCDph4cNOdpUXenr_CnX9m2eGlf2XOKw5w?key=XfesNA7blpVr9eID5yMbFg\" alt=\"\"><\/figure>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Multi-vector DDoS Attack\u00a0<\/strong><\/h2>\n<p>The massive attack employed a multi-vector approach, with 99.996% of the attack traffic consisting of <a href=\"https:\/\/cybersecuritynews.com\/hackers-actively-exploiting-zyxel-rce-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">UDP floods<\/a> targeting an average of 21,925 destination ports on a single IP address, peaking at 34,517 ports per second.\u00a0<\/p>\n<p>The remaining 0.004% utilized sophisticated reflection and amplification techniques, including Quote of the Day (QOTD) protocol exploitation on UDP port 17, Echo protocol attacks on UDP\/TCP port 7, and Network Time Protocol (NTP) amplification using the monlist command.\u00a0<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXcVPAweOyV8VZeOgh2HuO9QPbQqh7AXBtkawDEfEP5dV6VRPJCrzx5Vsn45e9Kcat3bNnSoB3UY3wDJqpnQGzi4eiocIK38twkGFLnejTsaMZyU6pL1zotC-MKpLTHA3l9qNDRd?key=XfesNA7blpVr9eID5yMbFg\" alt=\"\"><\/figure>\n<\/div>\n<p>Additional attack vectors included Mirai botnet UDP floods, Portmap service exploitation on UDP port 111, and Routing Information Protocol version 1 
(RIPv1) attacks on UDP port 520.<\/p>\n<p>The attack demonstrated a remarkable geographical distribution, originating from 122,145 unique source IP addresses spanning 5,433 Autonomous Systems (AS) across 161 countries.\u00a0<\/p>\n<p>Brazil and Vietnam emerged as the primary attack sources, each contributing approximately 25% of the total traffic volume, while Taiwan, China, Indonesia, Ukraine, Ecuador, Thailand, the United States, and Saudi Arabia collectively accounted for another third of the malicious traffic.\u00a0<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXcWB43OGcMOCvjugNt5uLwIqKhJnwW1S-xeaSpKgJHZTG9rIfjSpiD2F1EFjub2dPWANTBkLDm7XPrnoasZyR0U8L2iw2T2Os7ZJNsrADWp9O4zugQ_sEgraLZWdgugXoJ9ssLeLQ?key=XfesNA7blpVr9eID5yMbFg\" alt=\"\"><\/figure>\n<\/div>\n<p>Telefonica Brazil (AS27699) led the participating networks with 10.5% of attack traffic, followed closely by Viettel Group (AS7552), contributing 9.8%.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Autonomous Detection and Mitigation Technology<\/strong><\/h2>\n<p>Cloudflare\u2019s defense systems leverage advanced packet sampling technology using eXpress Data Path (XDP) and extended Berkeley Packet Filter (eBPF) programs within the Linux kernel to analyze traffic patterns in real-time, according to the <a href=\"https:\/\/blog.cloudflare.com\/defending-the-internet-how-cloudflare-blocked-a-monumental-7-3-tbps-ddos\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">report<\/a>.<\/p>\n<p>The company\u2019s proprietary heuristic engine, dubbed \u201cdosd\u201d (denial of service daemon), automatically generated multiple fingerprint permutations to identify attack patterns while minimizing impact on legitimate traffic.\u00a0<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" 
src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXc6rLLTN2pzFR9dcOaV5gM8Y73bQ7_cnq4xfhvNf1gy2aD-dboV3nis_F8pNE_pzq_-CMZtoI2d90Z017BSiki1Z8lX-YpfumK8au12SXEICSkKo4douh3PVw3f6D5BaFGYXGTOgg?key=XfesNA7blpVr9eID5yMbFg\" alt=\"\"><\/figure>\n<\/div>\n<p>The attack was detected and mitigated across 477 data centers in 293 global locations using anycast routing, which distributed the attack traffic across Cloudflare\u2019s network infrastructure.\u00a0<\/p>\n<p>Each data center maintained localized <a href=\"https:\/\/cybersecuritynews.com\/threat-intelligence-in-cybersecurity\/\" target=\"_blank\" rel=\"noreferrer noopener\">threat intelligence<\/a> caches updated through a gossip protocol, ensuring sub-second propagation of emerging attack signatures across the entire network.\u00a0<\/p>\n<p>This integrated autonomous framework achieved zero-touch mitigation for the 7.3 Tbps attack, fully containing the incident within its 45-second duration without triggering incident response protocols.<\/p>\n<p>The entire mitigation process occurred autonomously without human intervention, alerts, or service incidents, showcasing the effectiveness of modern cloud-based DDoS protection systems in defending against increasingly sophisticated cyber threats.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/record-breaking-ddos-attack-2\/\">Record Breaking 7.3 Tbps DDoS Attack Blasting 37.4 Terabytes in Just 45 Seconds<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Guru Baran<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Record Breaking 7.3 Tbps DDoS Attack Blasting 37.4 Terabytes in Just 45 Seconds The largest distributed denial-of-service (DDoS) attack ever documented was successfully stopped by Cloudflare in mid-May 2025, with attackers unleashing a devastating 7.3 terabits per second (Tbps) attack that delivered 37.4 terabytes of malicious traffic in just 45 seconds.\u00a0 Summary 1. 
Cloudflare blocked [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[677,129,63,326,131],"tags":[130],"class_list":["post-4799","post","type-post","status-publish","format-standard","hentry","category-cyber-attack-article","category-cyber-security","category-cyber-security-news","category-ddos","category-vulnerability","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/4799"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=4799"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/4799\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=4799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=4799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=4799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}