On September 2, 2025, Cloudflare, a leading web infrastructure and security company, successfully mitigated a record-breaking volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). This attack, primarily a User Datagram Protocol (UDP) flood originating from Google Cloud, lasted approximately 35 seconds.
Volumetric DDoS attacks aim to overwhelm targeted servers with massive amounts of traffic, leading to network congestion, packet loss, and potential service disruptions. These attacks often utilize botnets—networks of compromised devices infected with malware—to generate the malicious traffic.
Akamai, another cybersecurity firm, explains that the initial impact of such attacks is to degrade network performance, potentially causing outages. Attackers may also use these volumetric assaults as a diversionary tactic, launching additional, more sophisticated exploits while security teams are occupied with mitigation efforts.
This recent incident follows a series of escalating DDoS attacks. In mid-May 2025, Cloudflare blocked a 7.3 Tbps attack targeting an unnamed hosting provider. By July 2025, the company reported a significant increase in hyper-volumetric DDoS attacks—those exceeding 1 billion packets per second (Bpps) or 1 Tbps—rising from 700 in the first quarter to 6,500 in the second quarter.
The growing frequency and scale of these attacks underscore the importance of robust cybersecurity measures. Organizations must remain vigilant, implementing comprehensive security strategies to protect against the evolving threat landscape.
