Cloudflare Reports Record 5.8 Tbps DDoS Attack Mitigated Automatically
Cloudflare has disclosed that it successfully mitigated a record-breaking distributed denial-of-service attack peaking at 5.8 terabits per second. The attack originated from a botnet of approximately 180,000 compromised devices, including IoT cameras, routers, and NAS devices.
The attack, which targeted an unnamed financial services company in Asia, lasted approximately 45 minutes and used a combination of UDP flood, DNS amplification, and a novel TCP-based reflection technique that amplified traffic through misconfigured load balancers.
Cloudflare's automated DDoS protection systems detected and began mitigating the attack within 3 seconds of its initiation, with no impact on the customer's services. The company's global network, which now spans over 330 cities, absorbed the traffic across multiple data centers.
"The scale of DDoS attacks continues to grow exponentially as the number of poorly secured internet-connected devices increases," said Matthew Prince, CEO of Cloudflare. "This attack was nearly twice the size of the largest attack we saw last year, and we expect this trend to continue."
Analysis of the botnet revealed that over 60% of compromised devices were running outdated firmware with known vulnerabilities. Cloudflare has shared IoC data with relevant ISPs and CERTs to help remediate the compromised devices and prevent future attacks.