
Cloudflare successfully neutralized a 7.3 Tbps distributed denial-of-service (DDoS) attack in May 2025, the largest ever recorded. The attack targeted a hosting provider using Cloudflare’s Magic Transit service and lasted just 45 seconds, delivering 37.4 TB of data. This incident highlights the escalating scale of DDoS threats and the need for automated, high-capacity defenses.
Attack Overview
The attack peaked at 7.3 Tbps, 12% above Cloudflare’s previous record of 6.5 Tbps, set in April 2025. The bulk of the traffic (99.996%) consisted of UDP floods, with minor contributions from reflection/amplification vectors like QOTD, NTP, and RIPv1. A Mirai botnet leveraging compromised IoT devices generated the traffic, originating from 122,145 unique IPs across 161 countries. Brazil and Vietnam accounted for 50% of the attack sources.
Mitigation Techniques
Cloudflare’s global anycast network (477 data centers in 293 locations) absorbed the attack. Key mitigation components included:
- eBPF-powered fingerprinting: Linux kernel programs identified attack patterns via the dosd heuristic engine.
- Automated threshold rules that dropped malicious packets within seconds.
- Real-time threat intelligence sharing between servers to refine detection accuracy.
Technical Implications
The attack’s volumetric nature underscores vulnerabilities in legacy protocols (e.g., QOTD on UDP/17) and insecure IoT devices. Cloudflare’s Q1 2025 report noted a 358% YoY increase in DDoS attacks, with 6.6 million targeting its infrastructure. Hosting providers and ISPs remain prime targets due to their critical role in internet connectivity.
Defensive Recommendations
For organizations facing similar threats:
- Deploy network-layer DDoS protection with automated traffic analysis.
- Disable unnecessary UDP-based services to reduce reflection/amplification risks.
- Monitor for Mirai botnet indicators in IoT device traffic.
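One way to act on the second recommendation is to audit a Linux host for UDP listeners on the reflection vectors named above and flag them for review. This is an added example, not Cloudflare's tooling; it assumes the well-known ports UDP/17 (QOTD), UDP/123 (NTP) and UDP/520 (RIPv1), and it parses the output of `ss -H -lun`, with a constructed sample embedded so it runs offline.

```python
import subprocess

# Well-known UDP ports for the vectors named in the article (assumed defaults).
REFLECTION_PORTS = {17: "QOTD", 123: "NTP", 520: "RIPv1"}


def live_listeners():
    """Run ss on a Linux host: -H no header, -l listening, -u UDP, -n numeric."""
    cmd = ["ss", "-H", "-lun"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def parse_listener(line):
    """Return (address, port) from one ss row, or None if it is not a socket row."""
    fields = line.split()
    if len(fields) < 5 or fields[0] == "State":  # short row or header line
        return None
    addr, _, port = fields[3].rpartition(":")   # 4th column is Local Address:Port
    if not port.isdigit():
        return None
    addr = addr.split("%", 1)[0].strip("[]")    # drop %iface scope and IPv6 brackets
    return addr, int(port)


def audit(ss_output):
    """List (service, address, port) for non-loopback reflection-prone listeners."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        addr, port = parsed
        loopback = addr.startswith("127.") or addr == "::1"
        if port in REFLECTION_PORTS and not loopback:
            findings.append((REFLECTION_PORTS[port], addr, port))
    return findings


# Constructed sample of `ss -H -lun` output (not taken from a real host).
SAMPLE = """\
UNCONN 0 0 0.0.0.0:17 0.0.0.0:*
UNCONN 0 0 127.0.0.1:123 0.0.0.0:*
UNCONN 0 0 192.0.2.10%eth0:520 0.0.0.0:*
UNCONN 0 0 [::]:123 [::]:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
"""

if __name__ == "__main__":
    for service, addr, port in audit(SAMPLE):  # swap in live_listeners() on a host
        print(f"{service} listener on {addr}:{port}/udp: disable or firewall it")
```

A listener bound only to loopback is skipped because it cannot be reached by spoofed requests from the network; anything else on these ports should be disabled or restricted to known peers.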
Cloudflare’s handling of this attack demonstrates the effectiveness of distributed, algorithmic defenses against hyper-scale threats. As attack volumes grow, reliance on human intervention becomes impractical—automation is now mandatory.