That's a little over 260 copies of Baldur's Gate 3 in less than a minute.
It seems like yesterday that I was talking to Cloudflare about DDoS attacks, the sheer number of nefarious attacks the company deals with on a daily basis, and how things seem to be getting worse, but it was actually back in May. Not long after our chat, though, something happened that confirmed what we were discussing: the largest ever recorded DDoS attack on a single IP address, a sustained deluge of 7.3 billion bits per second or 37.4 TB over 45 seconds.
Cloudflare has spilled the beans on the attack in a highly detailed blog post (via Ars Technica) and it’s a wall of staggering numbers. The distributed denial of service (DDoS) attack attempted to breach up to 34,517 destination ports of a Cloudflare customer’s IP address, and the vast majority of the attempts (technically known as an attack vector) took the form of a UDP packet flood.
User Datagram Protocol (UDP) packets are little chunks of data that are used to make it quicker to send and receive videos, game information, or even just server details. Unlike the usual TCP (Transmission Control Protocol), there’s no handshake between the devices nor any kind of data check; upon receiving a UDP communication, a server will just send out the relevant data immediately.
The idea behind this kind of attack is that the server receiving all these UDP demands is simply unable to cope, and it gets so clogged up with the requests that its normal duties are completely sidelined. If that server is hosting a website, for example, the whole site essentially becomes frozen, and perhaps even bails out entirely.
Those attacks came from a total of 5,433 autonomous systems across 161 countries, with approximately 50% of them originating from Brazil and Vietnam—all trying to flood the IP address with 7.3 Tb (billion bits) of junk data every second. That’s so much that even though the attack only lasted for 45 seconds, the total incoming data flow accumulated to just under 38 TB.
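The pattern described above, UDP traffic from many networks sprayed across many destination ports of one IP address, is something a defender can look for in flow records. The sketch below is an added example, not code from Cloudflare or from this article; the record layout, thresholds, AS numbers and addresses are all constructed assumptions.

```python
from collections import defaultdict

def detect_udp_floods(flows, window=5, min_bps=1_000_000, min_ports=100, min_asns=3):
    """Flag destination IPs whose UDP traffic in any `window`-second bucket is
    high-volume AND spread over many destination ports AND many source networks.
    Thresholds are illustrative assumptions, not values from the article."""
    buckets = defaultdict(lambda: {"bytes": 0, "ports": set(), "asns": set()})
    for ts, src_asn, dst_ip, dst_port, proto, size in flows:
        if proto != "udp":
            continue  # this check only models the UDP flood vector
        b = buckets[(dst_ip, ts // window)]
        b["bytes"] += size
        b["ports"].add(dst_port)
        b["asns"].add(src_asn)
    alerts = {}
    for (dst_ip, _), b in buckets.items():
        bps = b["bytes"] * 8 / window
        if bps >= min_bps and len(b["ports"]) >= min_ports and len(b["asns"]) >= min_asns:
            # Keep the worst bucket seen for each destination.
            if dst_ip not in alerts or bps > alerts[dst_ip]["bps"]:
                alerts[dst_ip] = {"bps": bps, "ports": len(b["ports"]), "asns": len(b["asns"])}
    return alerts

def sample_flows():
    """Constructed records: (second, src_asn, dst_ip, dst_port, proto, bytes)."""
    flows = []
    # Benign: a busy DNS server. High UDP volume, but one destination port.
    for i in range(2000):
        flows.append((100 + i % 5, 64500 + i % 4, "198.51.100.53", 53, "udp", 512))
    # Flood: 1,400-byte datagrams sprayed over 500 ports from 5 source networks.
    for i in range(2000):
        flows.append((100 + i % 5, 64600 + i % 5, "203.0.113.10", 1024 + i % 500, "udp", 1400))
    # TCP transfer to the same address: ignored by the UDP check.
    for i in range(500):
        flows.append((100 + i % 5, 64700, "203.0.113.10", 443, "tcp", 1500))
    return flows

if __name__ == "__main__":
    for ip, stats in detect_udp_floods(sample_flows()).items():
        print(ip, stats)
```

The DNS server in the sample exceeds the bandwidth threshold on its own, which is why the check also requires the spread across ports and source networks before it raises an alert.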
That’s like trying to jam 260 copies of Baldur’s Gate 3 onto a single SSD in less than a minute. Seems pretty alarming, yes? Fortunately, Cloudflare is set up to specifically deal with this kind of stuff, and while the numbers are huge, they’re not exactly new to the company.
“We’ve seen substantial increases in attacks over the last six months,” said Grant Bourzikas, Cloudflare’s chief security officer, when we chatted last month. “In fact, last week we saw a 6.5 terabit per second attack. Now what’s interesting is, over the last six months, we saw a record at 3.5 terabits a second.
“Then we saw a record the following week at 4.5 terabytes a second, and then you see one at 5.5 terabytes. And then we saw the one two weeks ago. That was about 6.5 terabits a second.”
Cloudflare’s blog goes into more detail about how it detects DDoS attacks and prevents them from shutting down its servers, but if that’s a bit too technical, Bourzikas has a simplified summary:
“When Cloudflare was built, one of the capabilities was, well, if you’re in Manchester, we stop it in Manchester. If there’s an attack in London, we stop it in London. If there’s an attack in Paris, we stop it in Paris. That’s such a unique capability, because you can’t flood the network.”
That network in question handles roughly 20% of all Internet traffic, and comprises servers in 350 locations across 120 countries. One might moan a little when reading about yet another big data center being built down the road, but if it’s a Cloudflare one, then be thankful it’s able to do this because you just know the next record DDoS attack will be even bigger. Let’s just hope that providers will always be able to stay one step ahead of the attackers.