Cloudflare Thwarts Hyper-Volumetric DDoS Attacks at Record Scale
Cloudflare has announced that its automated systems successfully repelled a series of hyper-volumetric DDoS attacks, with two waves peaking at 22.2 Tbps and 10.6 Bpps, all without the need for human intervention.
The term hyper-volumetric refers to traffic and packet floods so massive that conventional filters fail to distinguish legitimate requests from noise. In the company’s reports, such incidents are classified as L3/4 floods exceeding a terabit per second or billions of packets per second.
Earlier in 2025, attacks had already been recorded at levels of 7.3 Tbps and 11.5 Tbps, underscoring the accelerating escalation of threat volumes and the critical need for automated, edge-based defenses.
Attackers typically combine UDP floods, reflection techniques, and spoofed source addresses, harnessing both cloud resources and IoT botnets to generate abnormal surges of traffic.
Few platforms can withstand such spikes. Success depends on the capacity and agility of traffic intake at the network edge, the speed of BGP route adjustments, the ability to distinguish valid requests from malicious noise in real time, and the availability of a distributed resource pool for scrubbing. By contrast, scrubbing centers tied to the fixed capacity of a single node risk being overwhelmed.
For clients and providers, resilience should be measured not merely by advertised throughput but by architectural design—distributed filtering at points of presence, automated scaling of network functions, and predefined emergency routing scenarios with countermeasures against UDP amplification attacks.
This incident confirms a growing trend: hyper-volumetric DDoS attacks are no longer rare events. Providers must be able to offer verifiable coverage metrics, enforceable SLAs, and tangible proof of protection in the form of incident logs and stress-test reports.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
