Largest DDoS attacks now torture servers with up to 5.6 Tbps


Cloudflare saw the number of distributed Denial of Service (DDoS) attacks surge by 53% in 2024. One record-breaking DDoS attack peaked at 5.6 Terabits per second (Tbps).

In 2024, Cloudflare blocked around 21.3 million DDoS attacks, representing a 53% increase from a year ago.

In the fourth quarter alone, Cloudflare mitigated over 420 so-called hyper-volumetric DDoS attacks exceeding 1 Tbps, a 20-fold increase from the previous quarter.

ADVERTISEMENT

“During the week of Halloween 2024, Cloudflare’s DDoS defense systems successfully and autonomously detected and blocked a 5.6 Terabit per second (Tbps) DDoS attack – the largest attack ever reported,” Cloudflare said in its DDoS Threat Report.

Known botnets are responsible for most HTTP DDoS attacks, which are the most popular and have a 51% share.

Thirteen of the top user agents that appeared most frequently in DDoS attacks were older Chrome versions ranging from 118 to 129. Attackers choose common user agents to blend in with regular traffic.

Cloudflare noted that 99.9 percent of traffic coming from the HITV_ST_PLATFORM user agent, which is associated with smart TVs and set-top boxes, were malicious DDoS requests.

Network defenders should also note that attackers often choose HEAD or DELETE requests for DDoS attacks, instead of the most common GET and POST methods for legitimate HTTP traffic.

DDoS attacks on various network protocols had a 49% share. The most common attack vectors were SYN Flood, DNS flood, and UDP flood attacks.

The largest one was a DDoS attack abusing UDP (User Datagram Protocol).

“On October 29th, a 5.6 Tbps UDP DDoS attack launched by a Mirai-variant botnet targeted a Cloudflare Magic Transit customer, an Internet service provider (ISP) from Eastern Asia. The attack lasted only 80 seconds and originated from over 13,000 IoT devices,” Cloudflare said.

ADVERTISEMENT
vilius Ernestas Naprys jurgita Konstancija Gasaityte profile
Don’t miss our latest stories on Google News

Mirai is malware that turns computer systems running Linux into remotely controlled bots.

The majority of DDoS attacks rarely exceed 50,000 requests or packets per second and end in under ten minutes. However, the largest attacks can last for hours and beam millions of requests per second.

Indonesia was the largest source of DDoS attacks in 2024, followed by Hong Kong, Singapore, Ukraine, Argentina, Colombia, Russia, Bulgaria, South Korea and Germany.

Meanwhile, the 10 most attacked countries were China, Philippines, Taiwan, Hong Kong, Germany, Brazil, Singapore, Canada, India and Egypt.

Customers often believe that their competitors were behind the attacks (40%), the survey revealed. Other attackers were state-sponsored threat actors (17%), disgruntled customers (17%), and extortionists (14%). Seven percent of DDoS attacks were reported as self-inflicted.

Cloudflare also observed a surge in ransom DDoS attacks.

“This spike was predictable, given that Q4 is a prime time for cybercriminals, with increased online shopping, travel arrangements, and holiday activities. Disrupting these services during peak times can significantly impact organizations' revenues and cause real-world disruptions,” the report reads.

ADVERTISEMENT