Yet Another Record-Breaking DDoS Botnet Attack Was Just Reported by Cloudflare

Another Record Breaking Ddos Attack Was Reported By Cloudflare
Follow Us:
1k
1k

Cloudflare recently blocked yet another massive 40-second DDoS botnet attack at 22 terabits per second (Tbps) — a record-breaking number. The attack on Sept. 24 comes just weeks after Cloudflare reported the largest DDoS attack it had seen up to that point, peaking at 11.5 Tbps and lasting around 35 seconds.

While these floods don’t always knock targets fully offline, their scale alone should have the entire internet infrastructure industry on alert. When botnets nearly double their record attack volume in less than a month, it’s yet another reminder that the bar for DDoS defense has just been raised — again.

Some Defenses Are Struggling

Cloudflare took to X to update the masses on the 22 Tbps attack that occurred on Sept. 24: “Cloudflare just autonomously blocked hyper-volumetric DDoS attacks twice as large as anything seen on the Internet before — peaking at 22.2 Tbps & 10.6 Bpps. Can your mitigation provider’s scrubbing capacity handle that scale?”

It’s a fair question: The Sept. 24 attack originated from a massive botnet and surged to 10.6 billion packets per second (Bpps). And yet, Cloudflare’s data shows that it’s not just about higher volume, but about the pace. A 22 Tbps peak today could look small a year from now if attackers continue to expand their botnets and refine their tactics. (And they most certainly will.)

For hosts, there’s a classic challenge because, for every new record, that means there are higher costs to maintain mitigation. It’ll be especially pressing on shared infrastructure (multi-tenant hosting and reseller platforms) with guaranteed SLAs.

Cloudflare graph of DDoS attack
The Sept. 24 attack lasted 40 seconds at 22 Tbps per second. Source: Cloudflare

Further research by Qrator Labs shows attackers are changing their DDoS tactics, not just scaling volume: In Q2 2025, application-layer (L7) attacks spiked 74% year over year, compared with 43% growth at the network layer.

ResearchGate’s answer to this is layered defenses, which means blending human expertise with AI-driven detection.

This particular study compared traditional signature methods, anomaly detection, and machine learning, finding that ML delivered the highest detection accuracy (around 95%) but also introduced challenges with scalability and false positives, which is where human expertise comes in.

It’s as Arun Kumar, Senior Security Researcher at Fastly, told HostingAdvice: “You can’t secure what you can’t see, and without clear verification standards, AI-driven automation risks are becoming a blind spot for digital teams.”

If there’s anything to take from Cloudflare’s findings, it’s that DDoS defense isn’t something you set and forget. The attacks are evolving too quickly, so whether hosts have built their own stack or lean on a trusted vendor, they need to keep a close eye on what’s going on in today’s landscape.