A record-breaking 7.3 terabits per second DDoS attack has targeted a Cloudflare customer, marking the largest such attack documented. The assault, which lasted just 45 seconds, generated 37.4 terabytes of junk traffic, equivalent to over 9,300 HD movies. The attack leveraged multiple reflection/amplification vectors and Mirai-based botnets to overwhelm the target’s infrastructure.
Cloudflare described the attack as a "carpet bombing" of nearly 22,000 destination ports across a single IP address. The attack exploited various protocols including the Network Time Protocol, Quote of the Day Protocol, Echo Protocol, and Portmapper services. These are commonly used for legitimate network functions but can be weaponized for large-scale attacks when hijacked by malicious actors.
Such attacks are typically executed through botnets composed of compromised IoT devices, such as home routers, web cameras, and small office equipment. These devices are often left with default settings or weak security configurations, making them prime targets for cybercriminals. The scale of this attack highlights the growing sophistication of threat actors and the urgent need for improved cybersecurity measures across the internet infrastructure.