Record-Breaking 22.2 Tbps DDoS Attack Shatters Internet Security Milestone

Cloudflare today revealed that its autonomous defenses mitigated the largest distributed denial-of-service (DDoS) attack ever recorded, peaking at a staggering 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps).

This hyper-volumetric strike eclipses the previous UDP flood record of 11.5 Tbps, marking more than a two-fold increase in scale.

Lasting roughly 40 seconds, the rapid “hit-and-run” assault aimed to overwhelm and disrupt services before conventional defenses could react.

The assault leveraged a massive, globally distributed botnet composed of compromised servers, IoT devices, and home routers, unleashing a torrent of malicious traffic designed to saturate Cloudflare’s network.

By comparison, the prior record-setting event peaked at 11.5 Tbps and endured for 35 seconds.

Record-Breaking 22.2 Tbps DDoS Attack

The new attack’s immense volume and velocity highlight a troubling trend: adversaries are increasingly capable of harnessing larger pools of compromised devices and refining their amplification techniques.

• Massive botnet infrastructure spanning hundreds of thousands of nodes.
• Combination of UDP floods, DNS amplification, and SYN reflection.
• Peak traffic of 22.2 Tbps and 10.6 Bpps in under a minute.
• Duration optimized at 40 seconds to evade manual defenses.

Multi-vector strategies combining UDP floods, amplification methods, and protocol abuses were employed to maximize throughput and strain on target resources.

Such “hyper-volumetric” onslaughts push legacy scrubbing centers beyond their limits, as human-driven traffic redirection and manual packet inspection cannot keep pace with these machine-scale events.

During the 40-second attack, Cloudflare’s algorithms identified anomalous traffic patterns in real time, applied tailored mitigation rules, and seamlessly diverted offending packets—all without human intervention.

The shift from manual rule writing and traffic redirection to autonomous orchestration underscores the necessity for security providers to invest in AI-powered defenses capable of responding at the speed of attack.

As botnets continue to grow and attackers refine amplification techniques, future attacks may surpass 25 Tbps or combine volumetric floods with application-layer bursts and connection exhaustion tactics.

Without real-time, AI-driven mitigation and expansive global networks, victims risk prolonged outages, revenue loss, and reputational damage.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.