Date: 2025-01-22

Security experts have warned of an increase in hyper-volumetric DDoS attacks designed to overwhelm networks, after revealing the largest such effort to date peaked at 5.6 Terabits per second (Tbps).

Cloudflare claimed the October 29 UDP attack was launched by a Mirai-variant botnet comprising 13,000 IoT devices and targeted an ISP in East Asia.

Although it only lasted 80 seconds, the attack is illustrative of a growing trend for hyper-volumetric Layer 3/Layer 4 DDoS attacks in recent months.

“In 2024 Q3, we started seeing a rise in hyper-volumetric network layer DDoS attacks. In 2024 Q4, the amount of attacks exceeding 1Tbps increased by 1,885% [quarter-on-quarter] QoQ and attacks exceeding 100 million pps (packets per second) increased by 175% QoQ,” Cloudflare explained.

“16% of the attacks that exceeded 100 million pps also exceeded 1 billion pps. This rise in attack size renders capacity-limited cloud DDoS protection services or on-premise DDoS appliances obsolete.”

Overall, Cloudflare blocked around 21.3 million DDoS attacks in 2024, a 53% annual increase – including 6.9 million in Q4, which represents a 16% quarter-over-quarter increase and an 83% annual rise. Around half of the attacks stopped in the last three months of 2024 were Layer 3/Layer 4 and half were HTTP DDoS attempts – with most launched by botnets.

“An additional 11% were HTTP DDoS attacks that were caught pretending to be a legitimate browser,” Cloudflare continued. “Another 10% were attacks which contained suspicious or unusual HTTP attributes. The remaining 8% were generic HTTP floods, volumetric cache busting attacks, and volumetric attacks targeting login endpoints.”

Despite encountering the largest DDoS attack to date, Cloudflare claimed that the majority (63%) of HTTP DDoS attacks did not exceed 50,000 requests per second, while most (93%) network-layer attacks did not exceed 500Mbps and 87% did not exceed 50,000 pps.

New Tactics and Techniques to Watch

However, it warned that threat actors are continuing to hone their tactics. It spotted the biggest quarterly increase in Memcached (314%) and BitTorrent (304%) DDoS attacks in Q4.

Memcached is a database caching system which supports UDP and can be abused to launch amplification or reflection DDoS attacks.

Cloudflare also noted a growing use of “powerful botnets driven by geopolitical factors,” which has effectively broadened the range of potentially exposed organizations, as well as an increase in the use of DDoS for extortion.