The cybersecurity landscape witnessed a new benchmark in DDoS attacks as Cloudflare reported mitigating a hyper-volumetric assault that peaked at 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). This attack more than doubled the previous UDP flood record of 11.5 Tbps only a few weeks ago, underlining the accelerating capabilities of botnets and the sophistication of modern attackers.
Unlike traditional prolonged campaigns, this attack unfolded in a “hit-and-run” fashion, lasting approximately 40 seconds. Attackers combined multiple vectors, including volumetric floods, protocol misuse, and application-layer noise, to maximise disruption within a very narrow window.
The sheer scale of the traffic indicates the use of massive botnets composed of compromised servers and Internet-of-Things devices, orchestrated to saturate network pipes and exhaust server resources. The assault’s intensity and brevity demonstrate a shift toward flash DDoS tactics, which are designed to strike and vanish before manual mitigation can be applied.
Technical details of the attack reveal a peak of 10.6 Bpps, indicating that the traffic was not just volumetrically extreme but also highly packet-intensive. UDP amplification and reflection techniques appear to have been leveraged to generate the surge, stressing network hardware and testing the limits of edge routers and firewall appliances. We have detected very similar attacks with FastNetMon in recent weeks. These types of attacks require rapid detection and automated mitigation to prevent service disruption.
Hypervolumetric attacks are becoming the new normal
The pace at which record-breaking DDoS attacks are emerging is a growing concern. Only a few weeks ago, the previous peak of 11.5 Tbps was reported—already a major milestone at the time. Now, that record has been more than doubled with this 22.2 Tbps event.
This frequency marks a sharp departure from the past. Two to three years ago, large-scale DDoS incidents of this magnitude were rare, with perhaps one or two significant events each year. Five years ago, even double-digit terabit-per-second floods were virtually unheard of.
Today, hypervolumetric attacks are reported every few weeks, driven by ever-expanding botnets and increasingly automated attack tooling. For defenders, this shift demonstrates not just the rising scale but also the accelerating tempo of the threat landscape—demanding faster detection, larger capacity, and fully automated mitigation pipelines.
FastNetMon with Cloudflare Integration
FastNetMon is a leading solution for network security, providing advanced DDoS detection and mitigation with real-time analytics and rapid response capabilities. It helps organisations identify attacks early and protect their infrastructure from evolving threats.
FastNetMon Advanced integrates natively with Cloudflare Magic Transit, enabling seamless mitigation of DDoS attacks. When an attack is detected, FastNetMon can automatically trigger traffic redirection to Cloudflare’s global scrubbing centres. This ensures that only malicious traffic is sent for cleaning, while legitimate traffic continues to flow normally, delivering powerful scrubbing capacity on demand without unnecessary cost.
For more information, visit https://fastnetmon.com