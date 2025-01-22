Cloudflare says it blocked a 5.6Tbps DDoS attack in October 2024

The attack came from a Mirai botnet

It included 13,000 IPs, and lasted 80 seconds

Cloudflare has claimed it recently blocked the largest Distributed Denial of Service (DDoS) attack ever recorded.

In a blog post, the company said that in late October 2024, its defense mechanisms blocked a 5.6Tbps UDP (User Datagram Protocol) DDoS attack. To put things into perspective, the (now) second-largest DDoS attack ever was 3.8Tbps, also blocked by Cloudflare, also in October 2024.

The company said the attack was launched by a Mirai-variant botnet, and targeted an Internet Service Provider (ISP) from Eastern Asia.

Shorter but more violent

The attack lasted just over a minute (80 seconds), and involved more than 13,000 Internet-of-things (IoT) devices, it was said.

As attackers change their strategies to better adapt to an evolving DDoS threat landscape, the attacks have generally been getting shorter in duration but more intense and frequent.

Despite its destructive potential, the attack did no damage, Cloudflare said, since both detection and mitigation were fully autonomous.

“It required no human intervention, didn’t trigger any alerts, and didn’t cause any performance degradation,” Cloudflare said. “The systems worked as intended.”

Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

The researchers also stressed that while the total number of unique source IP addresses was around 13,000, the average unique source IP addresses per second was 5,500. Each of the 13,000 IP addresses contributed less than 8 Gbps per second, while the average contribution of each IP address per second was around 1 Gbps (~0.012% of 5.6 Tbps).

Mirai is one of the most infamous botnets out there. Its source code leaked in 2017, after which different threat actors started building their own variants. Today, Mirai and its variants often make headlines, targeting different organizations with large-scale DDoS attacks. Just this week, security researchers observed two variants, ‘gayfemboy’, and ‘Murdoc Botnet’.