Cloudflare Smashes Record: Thwarts 29.7 Tbps DDoS Attack—Largest in History
Cloudflare just swatted away a digital tsunami. The cybersecurity giant neutralized a record-shattering distributed denial-of-service assault, clocking in at a staggering 29.7 terabits per second. This wasn't just another attack—it was a firehose of malicious traffic aimed at overwhelming online infrastructure.
The Anatomy of an Onslaught
DDoS attacks work by flooding a target with junk requests, rendering it inaccessible to real users. This particular barrage leveraged a botnet—a hijacked army of connected devices—to generate an unprecedented volume of data. The scale was monumental, designed to punch through even the most robust defenses.
Why This One Matters
Each new record-breaking attack resets the baseline for what's possible. It signals to every organization, from startups to global enterprises, that threat actors are scaling their firepower. The defenses that worked yesterday might not hold tomorrow. For the crypto world, where exchange uptime is literal money, it's a stark reminder that digital fortresses need constant reinforcement.
The Silent War for Uptime
Behind the scenes, it's a relentless game of cat and mouse. Attackers innovate with new methods; defenders like Cloudflare deploy advanced mitigation scrubbing centers and machine learning to filter the signal from the noise. This victory wasn't about luck—it was about layered architecture absorbing a blow meant to cripple.
So, while the headlines scream about the attack size, the real story is the resilience that held. It's a costly arms race, of course—good thing someone's making a fortune selling both the digital shovels and the cyber band-aids. The internet's backbone just got stress-tested, and for now, it held firm.
AISURU botnet breaks the DDoS record
AISURU is believed to be powered by a massive network comprising an estimated 1-4 million infected hosts worldwide. In all, CloudFlare has mitigated 2,867 Aisuru attacks since the start of the year, out of which 1,304 hyper-volumetric attacks were launched from the botnet in the third quarter of 2025 alone.
A total of 8.3 million DDoS attacks were blocked during the entire time period. This figure represents a 15% increase from the previous quarter and a 40% jump from last year. In 2025, 36.2 million DDoS attacks were thwarted, including 1,304 network-layer attacks exceeding 1 Tbps, up from 717 in Q1 2025 and 846 in Q2 2025.
According to Cloudflare, Aisuru’s actions have already caused problems in the US, even though ISPs were not the original target. Even important services like emergency services and healthcare could be disrupted indirectly when botnet traffic fills up backbone cables.
Aisuru-driven attacks can happen in a lot of different industries. Telecommunications is the most affected sector in the US, but other countries have seen different sectors hurt the worst. Gaming in Germany, banking in Austria, retail in Canada and France, and cybersecurity companies in the UK are all mentioned in the investigation. The botnet attacks are set up to hit the most important industries in each area.
Cloudflare did, however, experience an internal self-inflicted denial-of-service event last month. As reported by Cryptopolitan, the issue was caused by a faulty dashboard update that overloaded its own systems, resulting in widespread outages until the faulty code was corrected.
DDoS attacks rose 31,900% in 4 years
DDoS attacks that target AI companies have surged by 347% month-over-month in Q3. This has been driven by rising public scrutiny and government investigations into the regulation of generative AI in the UK and EU.
A report revealed a 31,900% increase in HTTP DDoS traffic originating from Indonesia over a four-year period. Indonesia has maintained its position as the number 1 global source of DDoS attacks for over a year, reflecting both the country’s growing footprint in the IoT device ecosystem and the challenges of securing consumer-grade hardware.
Meanwhile, traditional methods of stopping DDoS attacks are no longer effective because the attacks are becoming larger and faster. Many systems that use scrubbing centers lack the ingress capability to detect attacks that exceed 20 Tbps, let alone stop them.
Cloudflare stopped an average of 3,780 DDoS attacks an hour in Q3 2025. Of these, 71% were network-layer attacks that ended in less than 10 minutes, which is too fast for manual reaction or on-demand activation.
According to experts, in addition to on-premise appliances or scrubbing centers with limited bandwidth, businesses should use always-on, globally distributed mitigation systems that can automatically respond at the terabit scale.
Get up to $30,050 in trading rewards when you join Bybit today
