The largest distributed denial of service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices.
The UDP-based attack occurred last year on October 29 and targeted an Internet service provider (ISP) in East Asia with the aim of taking its services offline.
Security and connectivity services provider Cloudflare says the attack lasted 80 seconds but had no impact on the target and generated no alerts because its detection and mitigation was completely autonomous.
Source: Cloudflare
A previous DDoS attack reported by Cloudflare in early October 2024 peaked at 3.8 Tbps, lasted 65 seconds and held the record for the largest volumetric attack.
Hyper-volumetric attacks are increasing
Hyper-volumetric DDoS attacks began to become more frequent, a trend that became noticeable in the third quarter of 2024, according to Cloudflare. In the fourth quarter of the year, attacks began to exceed 1 Tbps, with quarter-over-quarter growth of 1,885%.
Attacks exceeding 100 million packets per second (pps) also increased by 175%, with 16% also exceeding 1 billion pps.
.jpg)
Source: Cloudflare
Hyper-volumetric HTTP DDoS attacks made up only 3% of the total recorded, with the remaining 63% being small attacks of no more than 50,000 requests per second (rps).
The statistics are similar for network layer (Layer 3/Layer 4) DDoS attacks, where 93% did not exceed 500 Mbps and 87% were limited to numbers below 50,000 pps.
DDoS blitz attacks
Cloudflare warns that DDoS attacks are increasingly fleeting, to the point where it is impossible for a human to respond, analyze traffic, and apply mitigation measures.
Approximately 72% of HTTP attacks and 91% of DDoS attacks on the network layer were completed in less than 10 minutes. On the other side of the spectrum, only 22% of HTTP attacks and 2% of DDoS attacks at the network layer lasted more than an hour.
Source: Cloudflare
The internet security company says these short bursts of overwhelming traffic typically occur during peak usage periods, such as during holidays and business events, for maximum impact.
This sets the stage for DDoS-for-ransom attacks, which also saw a notable 78% quarter-on-quarter increase and 25% year-over-year growth, peaking in the fourth quarter and Christmas holiday period.
Source: Cloudflare
“The short duration of attacks highlights the need for an automated, online, always-on DDoS protection service,” Cloudflare explains.
The company says the most attacked targets in the last quarter of 2024 were in China, the Philippines and Taiwan, followed by Hong Kong and Germany.
Cloudflare telemetry data shows that most of the targets were in the telecommunications industry, service providers and operators, the internet industry, and marketing and advertising.
