Key Takeaways
Sources confirm that Cloudflare blocked the largest-ever-recorded DDoS attack, which peaked at 11.5 terabits per second (Tbps) and lasted around 35 seconds.
The company shared on X that the attack was a UDP (User Datagram Protocol) flood that came from a mix of compromised IoT devices and cloud providers.
Cloudflare's defenses have been working overtime. Over the past few weeks, we've autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps. The 11.5 Tbps attack was a UDP flood that mainly came from Google Cloud.… pic.twitter.com/3rOys7cfGS
— Cloudflare (@Cloudflare) September 1, 2025
A UDP flood happens when attackers overwhelm a target with millions of fake data packets so quickly that servers can’t keep up.
To pull this off, hackers often hijack insecure smart devices — like webcams, routers, or monitors — and link them into a giant botnet army.
The traffic was initially believed to be coming from Google Cloud due to forged virtual servers on the platform. Cloudflare later clarified that the attack actually drew from multiple sources. It’s also unclear what the target of the attack was.
This comes just months after the company stopped a “monumental” 7.3 Tbps DDoS attack against a hosting provider, which peaked at 37.4 terabytes of traffic in just 45 seconds.
For Cloudflare, this seems to be business as usual. In Q2 alone, it mitigated more than 71 hyper-volumetric attacks per day.
Why Hosts Are So Often the Target
Hosts and critical internet infrastructure have historically been favorite targets. The payoff is great: A single attack cripples not only one site, but potentially dozens to thousands, especially if they’re on shared servers.
And since hosting providers have to keep endpoints open to receive and transmit data — like HTTP requests or APIs — there’s even more risk and opportunity for DDoS attacks to flood.
Statistics show that cyberattackers are campaigning DDoS attacks more than ever before thanks to AI, which can create massive botnets and automated attacks. In fact, Cloudflare reported that Q1 2025 alone saw 20.5 million DDoS attacks, which was almost the same number of attacks recorded for all of 2024.
Older flooding styles looked more like blunt force attacks, where a hacker might perform endless HTTP requests until the system eventually got overwhelmed and shut down. They were noisy and repetitive, making them easy to spot and block.
But now, AI-powered attacks adapt as they go. It’s as Richard Hummel, the Director of Threat Intelligence at Netscout, wrote:
“AI-enhanced attacks could analyze defensive responses in real time, identify rate‑limiting thresholds, mimic legitimate traffic patterns, and coordinate multi‑vector attacks that evolve faster than human defenders can respond.”
That means that even if a provider has built-in defenses, they may not be enough anymore.
And if Cloudflare’s ongoing efforts to mitigate automated attacks should show the industry anything, it’s that it’s not just about the sheer size of them, but how smart they’re working and how fast they’re moving.
