Cloudflare Just Blocked the Largest-Ever DDoS Attack

Cloudflare Just Blocked The Largest Ever Ddos Attack
Jordan Sprogis

Writer: Jordan Sprogis

Jordan Sprogis

Jordan Sprogis, Contributing Expert

Jordan Sprogis is a creative writer and tech researcher who has been working on online content for the better part of a decade. She holds a bachelor's degree in professional writing from Western Connecticut State University and has devoted much of her career to crafting content for various web verticals, including CyberSpyder and The Echo. Since joining HostingAdvice, Jordan has combined her storytelling ability with her fascination for advancements in technology to pen over 500 articles geared toward industry pros and newcomers alike.

See Full Bio »
Close
Lillian Castro

Editor: Lillian Castro

Lillian Castro

Lillian Castro, Senior Editor

Lillian Castro brings more than 30 years of editing and journalism experience to our team. She has written and edited for major news organizations, including The Atlanta Journal-Constitution and the New York Times, and she previously served as an adjunct instructor at the University of Florida. Today, she edits HostingAdvice content for clarity, accuracy, and reader engagement.

See Full Bio »
Close
Cristian Lopez

Reviewer: Cristian Lopez

Cristian Lopez

Cristian Lopez, News Manager

Cristian Lopez uses his Business Marketing background from the University of Illinois at Chicago to create comfortable environments for customers, clients, and colleagues to share their thoughts and ideas openly. From interviewing tech leaders to conducting UX market research projects, Cristian knows the importance of storytelling — a key variable for innovation and inspiration. His goal at HostingAdvice is to wow readers on the ever-evolving nature of the tech industry and bring his audience the most reliable and exciting content on all things hosting.

See Full Bio »
Close
Updated:
Follow the HostingAdvice team for a daily dose of tech news, trending IT discussions, and interviews with the web's most innovative technologists.
Follow Us:
1k
1k

Key Takeaways

Sources confirm that Cloudflare blocked the largest-ever-recorded DDoS attack, which peaked at 11.5 terabits per second (Tbps) and lasted around 35 seconds.

The company shared on X that the attack was a UDP (User Datagram Protocol) flood that came from a mix of compromised IoT devices and cloud providers.

A UDP flood happens when attackers overwhelm a target with millions of fake data packets so quickly that servers can’t keep up.

To pull this off, hackers often hijack insecure smart devices — like webcams, routers, or monitors — and link them into a giant botnet army.

The traffic was initially believed to be coming from Google Cloud due to forged virtual servers on the platform. Cloudflare later clarified that the attack actually drew from multiple sources. It’s also unclear what the target of the attack was.

This comes just months after the company stopped a “monumental” 7.3 Tbps DDoS attack against a hosting provider, which peaked at 37.4 terabytes of traffic in just 45 seconds.

For Cloudflare, this seems to be business as usual. In Q2 alone, it mitigated more than 71 hyper-volumetric attacks per day.

Why Hosts Are So Often the Target

Hosts and critical internet infrastructure have historically been favorite targets. The payoff is great: A single attack cripples not only one site, but potentially dozens to thousands, especially if they’re on shared servers.

And since hosting providers have to keep endpoints open to receive and transmit data — like HTTP requests or APIs — there’s even more risk and opportunity for DDoS attacks to flood.

Statistics show that cyberattackers are campaigning DDoS attacks more than ever before thanks to AI, which can create massive botnets and automated attacks. In fact, Cloudflare reported that Q1 2025 alone saw 20.5 million DDoS attacks, which was almost the same number of attacks recorded for all of 2024.

Graph titled 'DDoS attacks by year and type'
DDoS attacks by year and type. Source: Cloudflare

Older flooding styles looked more like blunt force attacks, where a hacker might perform endless HTTP requests until the system eventually got overwhelmed and shut down. They were noisy and repetitive, making them easy to spot and block.

But now, AI-powered attacks adapt as they go. It’s as Richard Hummel, the Director of Threat Intelligence at Netscout, wrote:

“AI-enhanced attacks could analyze defensive responses in real time, identify rate‑limiting thresholds, mimic legitimate traffic patterns, and coordinate multi‑vector attacks that evolve faster than human defenders can respond.”

That means that even if a provider has built-in defenses, they may not be enough anymore.

And if Cloudflare’s ongoing efforts to mitigate automated attacks should show the industry anything, it’s that it’s not just about the sheer size of them, but how smart they’re working and how fast they’re moving.

About the Author

Jordan Sprogis
Jordan Sprogis
Contributing Expert

Jordan Sprogis is a creative writer and tech researcher who has been working on online content for the better part of a decade. She holds a bachelor's degree in professional writing from Western Connecticut State University and has devoted much of her career to crafting content for various web verticals, including CyberSpyder and The Echo. Since joining HostingAdvice, Jordan has combined her storytelling ability with her fascination for advancements in technology to pen over 500 articles geared toward industry pros and newcomers alike.

View Jordan Sprogis's Full Profile »