DDOS Attack - New World Record Attack

New world record: 29.7 Tbps autonomously mitigated by Cloudflare

In a remarkable demonstration of cyber-attack firepower, a massive distributed denial-of-service (DDoS) assault originating from the Aisuru botnet has now shattered previous records — peaking at an astonishing 29.7 terabits per second (Tbps) and around 14.1 billion packets per second (Bpps).

The revelation, disclosed in the latest Quarterly Threat Report by major web-infrastructure firm Cloudflare, marks a decisive acceleration in the capacity of cybercriminals to marshal global internet resources into overwhelming floods of traffic.

The Layers Behind the Record — What We Know So Far

📈 Botnet Scale & “Carpet-Bombing” Strategy

Cloudflare attributes the attack to Aisuru, a sprawling botnet now estimated to harness between 1 million and 4 million infected devices globally — including compromised routers, Internet-of-Things (IoT) gadgets, and other poorly secured endpoints.

The attack itself was reportedly structured as a UDP “carpet bombing” flood: a torrent of UDP packets dispatched at a staggering velocity — roughly 15,000 destination ports per second — with randomized packet attributes designed to evade static filtering or legacy scrubbing systems.

Such tactics demonstrate how attackers are increasingly turning to sheer volume and protocol-level manipulation — rather than subtle or slow-burn intrusions — to stress and potentially overwhelm even robust network defenses.

Aisuru botnet has targeted a broad range of industries, including telecommunications providers, gaming platforms, hosting companies and financial-services firms. According to reporting by Krebs on Security, the massive volume of botnet traffic has also produced “widespread collateral Internet disruption” in the United States as it passed through major Internet Service Providers (ISPs).

The incident underscores the potential scale of the threat. Experts warn that if Aisuru can disrupt portions of U.S. internet infrastructure without directly targeting ISPs, the consequences could be far more severe if such an attack were aimed intentionally at underprotected ISPs, critical infrastructure, healthcare systems, emergency networks or military assets.

🚨 An Industry-Wide Surge, Not a One-Off

This 29.7 Tbps event, occurring in Q3 2025, is far from an isolated incident. The same Cloudflare report documents a 54% quarter-over-quarter jump in “hyper-volumetric” attacks (i.e., attacks exceeding 1 Tbps or 1 Bpps), with an average of approximately 14 such mega-attacks launched daily.

Altogether, Cloudflare blocked 8.3 million DDoS attacks in Q3 alone, representing a 15% increase from the previous quarter and a 40% rise year-on-year.

This surge is part of a broader trend — earlier in 2025 alone the company blocked a record 7.3 Tbps attack (in June) and an 11.5 Tbps attack in September, demonstrating a rapid escalation in both the frequency and intensity of volumetric assaults.

Attack Source By Region

Seven of the ten largest attack sources are located in Asia, with Indonesia leading by a wide margin. Indonesia has been the world’s top origin of DDoS attacks for a full year (since Q3 2024). Even before taking the top spot, it consistently appeared among the highest-ranked attack sources. In Q2 2024, Indonesia rose to the second-largest source after steadily climbing from lower positions in earlier quarters and years.

Indonesia’s rapid emergence as a major DDoS hub is striking. Over the past five years (since Q3 2021), the share of global HTTP DDoS attack requests originating from Indonesia has surged by an astonishing 31,900%.

Broader Implications: Why This Attack Matters

The Growing Fragility of Core Internet Infrastructure

That a single botnet — even one as large as Aisuru — can mount an attack in excess of 29 Tbps underscores how fragile global internet infrastructure has become under extreme load. Many network links, ISPs, hosting providers and cloud platforms were simply not designed to handle consistent multi-terabit attack traffic.

This isn’t just about taking down a website — at volume this high, attackers have the potential to saturate backbone connections, crash national-scale ISPs, or paralyse entire sectors temporarily. As noted by security analysts, multi-terabit assaults are transitioning from rare outliers to a recurring operational reality.

Weaponized Botnets as “DDoS-as-a-Service”

Aisuru’s structure — infected IoT and router devices scattered globally — and the fact that parts of the botnet are reportedly “brokered as chunks” for hire, make this a dangerous evolution: non-sophisticated attackers can now rent enough firepower to mount backbone-shaking attacks for just a few hundred or thousand dollars.

This trend de-specialises powerful cyberattacks: you no longer need to be a state-sponsored group or highly skilled hacker to stage multi-terabit strikes. The barriers to entry are falling dramatically.

Geopolitics, Industry Pressure, and Attack Targets

Beyond raw metrics, the distribution and motives of attacks are evolving. Cloudflare’s report highlights surging DDoS traffic against industries such as telecommunications, hosting, gaming, and financial services — sectors critical to national infrastructure and economic stability.

Notably, in Q3 2025, DDoS traffic targeting generative-AI providers reportedly soared by up to 347% month-over-month — a trend that appears to shadow mounting public scrutiny and regulatory pressure on AI.

Simultaneously, rising attacks on sectors like mining, metals, and automotive have been linked by some analysts to shifting global trade dynamics (e.g., EU–China rare-earth tensions), suggesting DDoS campaigns are increasingly influenced by geopolitical friction.

Defenses Are Improving — But the Pressure Keeps Mounting

Automated Mitigation and Real-Time Countermeasures

Despite the unprecedented scale of the attack, Cloudflare reports that its automated mitigation stack detected and filtered the flood within seconds — preventing visible impact for the targeted customer.

Similarly, just weeks earlier, Microsoft Azure successfully thwarted a 15.72 Tbps DDoS attack — also linked to Aisuru — aimed at a single endpoint, using its cloud-based DDoS protections.

This suggests that with sufficient preparation and robust, automated, inline defenses, even record-breaking attacks can be absorbed without catastrophic service disruption.

But the Landscape Is Shifting — Defenses Must Keep Up

That said, the relentless increase in both volume and frequency of attacks means defenders must scale their infrastructure and adopt more dynamic, adaptive mitigation strategies. Traditional, manual, or capacity-limited protections — like legacy scrubbing centers or fixed-bandwidth scrubbing appliances — are fast becoming obsolete. Experts argue that mitigation architecture must now be global, automated, and elastic, with enough headroom to absorb multi-terabit floods while allowing legitimate traffic to flow.

Meanwhile, the economics of botnet-as-a-service raise serious concerns: with cheap access to enormous firepower, cyberattacks may escalate further in both scale and regularity, lowering the bar for who can carry out disruptive campaigns.

What Comes Next: Why This Should Worry Us All

The emergence of Aisuru — a botnet capable of mobilising millions of compromised devices — heralds a new era in which global internet resilience is being stress-tested daily. That 29.7 Tbps attack may be the new record today — but the architecture now exists to push even further.

For organisations reliant on stable connectivity — from financial institutions to cloud-native services, from gaming platforms to critical infrastructure providers — this means DDoS is no longer a “rare threat.” It is now a baseline operational hazard.

Even everyday internet users may feel ripple effects: slower service, regional disruptions, collateral damage when backbone links or regional ISPs come under saturation load — even if they are not the primary target.

To stay ahead, defenders must:

  • Harden and monitor all Internet-facing devices, especially IoT and consumer-grade routers.
  • Invest in scalable, automated, globally distributed mitigation infrastructure.
  • Collaborate with peers and service providers to share threat intelligence and respond collectively.

Because in 2025, cyber “worst-case scenarios” aren’t theoretical — they’re actively being tested, in real time, on the global internet.

Types of DDoS Attacks

Distributed Denial of Service (DDoS) attacks can be categorized into three main types: volumetric attacks, protocol attacks, and resource layer attacks.

  1. Volumetric Attack: This type of attack aims to flood the network with traffic that initially appears legitimate. Volumetric attacks are the most frequent type of DDoS attack. A common example is DNS (Domain Name System) amplification, which leverages open DNS servers to overwhelm a target with an excessive volume of DNS response traffic.
  2. Protocol Attack: Protocol attacks disrupt services by exploiting weaknesses in the layer 3 and layer 4 protocol stack. A well-known example is a SYN flood attack, where an attacker consumes all available server resources by repeatedly initiating connection requests.
  3. Resource (or Application) Layer Attack: This type of attack focuses on targeting web application packets, disrupting the flow of data between hosts. Examples include HTTP protocol violations, SQL injections, cross-site scripting, and other layer 7 attacks.

Cyber-attackers may use a combination of these types to maximize damage. For instance, an attack might start as one type and evolve into or combine with others to amplify its impact on the target system.

Furthermore, each category contains a variety of attack methods, with the frequency of new cyber threats continuing to rise as attackers become more advanced.

How to Detect and Respond to a DDoS Attack

Although there isn’t a single method to detect a DDoS attack, there are a few telltale signs your network might be under assault:

  • A sudden and unusual spike in web traffic, often from the same IP address or range.
  • A significant slowdown in network performance or erratic behavior.
  • Complete inaccessibility of your website, online store, or service.

Modern security software can assist in identifying potential threats by alerting you to unusual system changes, allowing for quick responses. It’s also vital to have a pre-defined DDoS action plan in place, detailing specific roles and response procedures. Since not all DDoS attacks are identical, it’s crucial to tailor your response to the particular attack you’re facing.
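As an added illustration of the warning signs listed above (a sudden traffic spike from one address range) and of the UDP “carpet bombing” pattern described earlier (one source spraying thousands of destination ports per second), the following Python runs two simple detectors over constructed per-second flow summaries. It is written for this page and is not code from the original article or from Cloudflare; the sample data, the /24 grouping and both thresholds are assumptions scaled down for the example.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed per-second flow summaries (sample data, not real traffic):
# (second, source_ip, destination_port, protocol, packets)
FLOWS = [
    (0, "203.0.113.5", 443, "tcp", 20), (0, "198.51.100.7", 443, "tcp", 15),
    (1, "203.0.113.5", 443, "tcp", 22), (1, "198.51.100.7", 80, "tcp", 10),
    # second 2: two hosts in one /24 suddenly send far more than the baseline
    (2, "192.0.2.10", 443, "tcp", 900), (2, "192.0.2.11", 443, "tcp", 850),
    (2, "203.0.113.5", 443, "tcp", 21),
    # second 3: UDP "carpet bombing": one source, 300 distinct destination ports,
    # few packets each, so per-prefix volume stays below the spike threshold
] + [(3, "192.0.2.12", 1024 + p, "udp", 5) for p in range(300)]

def packets_per_prefix(flows, prefix_len=24):
    """Sum packets per (second, source /prefix_len network)."""
    counts = defaultdict(int)
    for sec, src, _port, _proto, pkts in flows:
        net = ip_network(f"{src}/{prefix_len}", strict=False)
        counts[(sec, str(net))] += pkts
    return counts

def rate_spikes(flows, factor=10, prefix_len=24):
    """Flag (second, prefix, packets) where a prefix sends more than `factor`
    times the mean per-prefix packet count observed in earlier seconds."""
    counts = packets_per_prefix(flows, prefix_len)
    flagged = []
    for sec in sorted({s for s, _ in counts}):
        earlier = [v for (s, _), v in counts.items() if s < sec]
        if not earlier:
            continue  # no baseline yet for the first second
        threshold = factor * sum(earlier) / len(earlier)
        for (s, net), pkts in sorted(counts.items()):
            if s == sec and pkts > threshold:
                flagged.append((sec, net, pkts))
    return flagged

def port_sprays(flows, min_ports=100, proto="udp"):
    """Flag (second, source_ip, distinct_ports) where one source hits more than
    `min_ports` destination ports in a second (assumed threshold, scaled down
    from the ~15,000 ports/s the article reports)."""
    ports = defaultdict(set)
    for sec, src, port, pr, _pkts in flows:
        if pr == proto:
            ports[(sec, src)].add(port)
    return [(sec, src, len(p)) for (sec, src), p in sorted(ports.items())
            if len(p) > min_ports]
```

Running both detectors on the sample shows why a pure volume threshold is not enough: the spike in second 2 is caught by `rate_spikes`, while the port spray in second 3 slips under it and is only caught by `port_sprays`.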

How to Prevent DDoS Attacks

Prevention is the best defense. Having a well-prepared process in place before a cyberthreat emerges is critical for detecting and addressing attacks promptly.

Here are some key steps to prepare:

  • Develop a comprehensive denial-of-service defense strategy to detect, prevent, and mitigate DDoS attacks.
  • Regularly assess potential threats and identify any vulnerabilities in your security setup.
  • Ensure all protective software and technologies are up to date and functioning properly.
  • Train your team and assign clear roles in case of an attack.

By implementing the right products, processes, and services, your business will be better equipped to respond when an attack is detected.

DDoS Protection

To better protect your network from future attacks, consider the following actions:

  • Conduct regular risk assessments to identify areas that need threat protection.
  • Establish a dedicated DDoS response team tasked with identifying and addressing attacks.
  • Implement robust detection and prevention tools across your online operations, and train employees on what to watch out for.
  • Continuously evaluate the effectiveness of your defense strategy, conduct practice drills, and plan for next steps to improve.

A proactive approach to DDoS protection is essential for safeguarding your business from evolving cyber threats.

About Cloudflare

Cloudflare is an American company that delivers services such as DNS, a content delivery network (CDN) and many other services that make websites faster and more secure. Cloudflare is used by more than 26 million sites and, as a result, processes more than 1 billion IP addresses each day.

Source: Cyber Security Hub Newsletter