An unnamed hosting provider faced a hyper-volumetric distributed denial-of-service (DDoS) attack in mid-May 2025 that peaked at an unprecedented 7.3 terabits per second over a 45-second span. Delivered by a vast botnet spanning more than 122,000 source IPs across 161 countries, the assault underscored the urgent need for automated, large-scale defense systems.

Key Takeaways

• Peak attack volume: 7.3 Tbps and 4.8 billion packets per second (Bpps)

• Duration: 45 seconds, delivering 37.4 TB of data

• Origin: 122,145 IPs across 5,433 autonomous systems in 161 countries

• Multi-vector composition: 99.996% UDP floods, 0.004% mixed reflection and amplification

• Mitigation: Cloudflare’s Magic Transit blocked the attack automatically

Attack Overview

The record-breaking incident targeted a hosting provider protected by Cloudflare’s Magic Transit service. In just three quarters of a minute, the attackers unleashed enough traffic to stream over 9,350 HD movies simultaneously. Key characteristics:

1. Multi-vector flood: UDP floods dominated, complemented by QOTD, Echo, NTP reflections, Mirai UDP floods, portmap and RIPv1 amplification.

2. Global footprint: Top source countries included Brazil, Vietnam, Taiwan, China, and Indonesia.

3. Automated defense: Cloudflare’s network of 477 data centers in 293 locations absorbed and nullified the traffic.

Scale and Composition

Cloudflare’s Q2 2025 data paints a stark picture of DDoS escalation:

• 6,500+ hyper-volumetric attacks (≥1 Tbps or ≥1 Bpps) blocked—an average of 71 per day.

• 592% quarter-over-quarter surge in attacks exceeding 100 million packets per second.

• 1,150% increase in L3/4 attacks over 1 Tbps compared to Q1.

• Total blocked hits reached 27.8 million by mid-2025, surpassing all of 2024.

Attack vectors in Q2 2025:

Targeted Sectors and Geography

The telecommunications sector emerged as the prime target, reflecting its strategic value:

• Top industries: Telecommunications; Internet; IT & Services; Gaming; Banking & Financial Services.

• Most attacked countries: China, Brazil, Germany, India, South Korea.

• Major attack sources: Indonesia, Singapore, Hong Kong, Argentina, Ukraine.

Botnet Evolution

Botnets have grown exponentially in size and sophistication:

• Largest observed botnet: 4.6 million devices—20× larger than 2024’s record.

• Geographical spread: Brazil (29.7%), US (12.1%), Vietnam (7.9%), India (2.9%), Argentina (2.8%).

• DemonBot variant: Exploits weak SSH credentials and open IoT ports to launch multi-vector floods.

Mitigation and Future Outlook

The successful defense against the 7.3 Tbps attack demonstrates that only always-on, AI-driven mitigation platforms can withstand next-generation threats. Organizations should:

1. Adopt cloud-based DDoS protection with automated scrubbing.

2. Secure IoT devices with strong credentials and regular firmware updates.

3. Monitor for emerging botnet variants and ransom DDoS trends.

As cybercriminals harness AI and proliferate botnets, the cybersecurity community must shift from reactive measures to proactive, scalable defenses to safeguard critical infrastructure. As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Hackers Breaking Internet with 7.3 Tbps and 4.8 Billion Packets Per Second DDoS Attack, CyberSecurityNews.

• Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors, The Hacker News.