In October 2024, Cloudflare recorded a record-breaking DDoS attack with a peak intensity of 5.6 Tbps. This incident reflected a global trend of increasing attack volume and sophistication, as detailed in the company’s latest report for the fourth quarter of 2024.
Cloudflare has continued to expand its global network, which, by the end of 2024, achieved a total throughput of 321 Tbps—a staggering 817% increase since its first report in 2020. Over this period, the number of protected websites and clients has grown significantly, enabling the company to offer unparalleled insights into cyber threats.
In 2024, Cloudflare blocked 21.3 million DDoS attacks, marking a 53% rise compared to 2023. On average, the company mitigated 4,870 attacks per hour. In the fourth quarter alone, over 420 attacks exceeded speeds of 1 Tbps, representing an astonishing 1,885% increase from the previous quarter.
The record-setting attack occurred on October 29 and was executed by a Mirai-based botnet, lasting only 80 seconds. It involved more than 13,000 IoT devices and peaked at 5.6 Tbps. Remarkably, Cloudflare neutralized the attack’s impact without any human intervention.
Among the most prevalent attack methods in the fourth quarter were SYN floods (38%), DNS floods (16%), and UDP floods (14%). Attacks leveraging Memcached and the BitTorrent protocol demonstrated significant growth, with activity surging by 314% and 304%, respectively, highlighting the expanding arsenal of hackers.
For the second consecutive quarter, Indonesia remained the largest source of DDoS attacks, followed by Hong Kong and Singapore. On the target side, China once again topped the list of countries most frequently attacked.
The telecommunications sector, internet service providers, and marketing agencies were the most affected industries.
The rise of automated attacks and the emergence of hyper-volumetric DDoS threats underscore the critical importance of proactive defense measures. Extortion-driven attacks are becoming increasingly common, particularly during peak activity periods such as holidays. Cloudflare emphasizes that organizations with preemptive protective systems are far better equipped to withstand such threats.
The automation and scalability of defensive mechanisms not only enable the mitigation of record-breaking attacks but also minimize their impact without requiring human intervention. In an era of hyper-volumetric threats, preparedness for countering attacks is no longer a competitive advantage but an absolute necessity.
