
DDoS news: December 4th 2025
A new world-record DDoS attack has been confirmed, peaking at 29.7 terabits per second (Tbps) and launched by the Aisuru botnet, a large DDoS-for-hire network using an estimated one to four million compromised routers and IoT devices worldwide.
The attack lasted 69 seconds and was mitigated by Cloudflare, fending off a stream of randomised junk traffic targeting an average of 15,000 destination ports per second. The intended target was not disclosed.
This is certainly not the first time Aisuru has been associated with extreme volumetric traffic. A few months ago, we reported on a suspected 29.69 Tbps gaming outage. While unconfirmed, it demonstrated that operators were already facing attack magnitudes close to today’s validated record. We also recently analysed an Aisuru-related 15.2 Tbps attack on Microsoft Azure, highlighting that the botnet’s reach and accessibility are changing the logistics of offensive traffic across the entire industry.
Why DDoS attacks peak toward the end of the year
The timing aligns with a predictable and recurring trend. DDoS activity often escalates in Q4, coinciding with peak traffic periods such as retail holidays, gaming spikes, seasonal online events and end-of-year commercial load. These conditions increase the value and impact of disruption. As more botnet capacity becomes available through commercialised leasing models, attackers simply rent the bandwidth they need for the period of highest leverage.
Collateral damage and outbound DDoS risks
One of the emerging concerns highlighted in this record attack is that collateral disruption can occur even when an organisation is not the intended target. When volumetric attacks exceed local infrastructure limits or propagate through upstream carriers, they can affect networks along the path, including internet service providers, cloud environments and peering partners.
We have previously written extensively about outbound DDoS, where compromised assets inside a network unknowingly contribute to attacks. Even if a business believes it is not at risk due to its smaller profile or limited public-facing footprint, it may still be used as part of someone else’s DDoS campaign. The risks are not only external disruption but also reputational damage, blacklisting, traffic throttling and loss of carrier trust. Additionally, high-capacity botnets such as Aisuru amplify this concern, as the sheer volume of junk traffic is growing to levels that some ISPs cannot handle.
How to defend against hyper-volumetric DDoS: the FastNetMon way
Always-on scrubbing may appear to be the safest DDoS defence model, but in reality it is neither technically preferable nor financially viable for many organisations. Sending all traffic through a scrubbing provider introduces unnecessary latency, increases complexity and inflates operational cost – especially when most attacks last only a few seconds.
However, to defend against attacks at the scale delivered by Aisuru, access to cloud-capacity scrubbing is essential. FastNetMon enables this in a vendor-neutral, cost-efficient way, integrating seamlessly with large scrubbing platforms such as Cloudflare Magic Transit – while remaining compatible with other providers in the same tier.
FastNetMon continuously monitors network telemetry via NetFlow, sFlow, IPFIX and other data sources. When an attack crosses thresholds, it can automatically announce only the impacted prefix (commonly a /24) to the chosen scrubbing provider. Platforms such as Magic Transit then absorb and filter the malicious traffic at global network scale, returning clean traffic via GRE or IPsec tunnels. Crucially, clean traffic continues to flow directly, without routing all traffic through the scrubbing cloud.
This approach reduces cost, avoids latency penalties and ensures operators can defend against even terabit-scale floods without redesigning their everyday traffic path or locking themselves into a single mitigation vendor.
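The threshold-then-divert logic described above can be sketched as follows. This is an added illustration, not FastNetMon's code or configuration; the flow-record layout, the 5000 Mbps threshold and the function names are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (dst_ip, dst_port, bytes) flow records seen in one
# 1-second window, assumed already scaled by the exporter's sampling rate.
SAMPLE_FLOWS = (
    [("203.0.113.10", 10000 + i, 2_500_000) for i in range(400)]  # flood, spread over ports
    + [("203.0.113.77", 443, 40_000)] * 5                          # same /24, normal load
    + [("198.51.100.5", 443, 60_000)] * 20                         # different /24, normal load
)

THRESHOLD_MBPS = 5000      # assumed per-host inbound threshold
DIVERT_PREFIX_LEN = 24     # the page notes the diverted prefix is commonly a /24


def mbps_per_host(flows, window_s=1.0):
    """Sum bytes per destination host and convert to megabits per second."""
    totals = defaultdict(int)
    for dst, _port, nbytes in flows:
        totals[dst] += nbytes
    return {dst: b * 8 / 1_000_000 / window_s for dst, b in totals.items()}


def prefixes_to_divert(flows, threshold_mbps=THRESHOLD_MBPS, window_s=1.0):
    """Map each covering /24 to the host that crossed the threshold.

    Only these prefixes would be announced to the scrubbing provider;
    every other prefix keeps its normal, direct path.
    """
    divert = {}
    for dst, rate in mbps_per_host(flows, window_s).items():
        if rate > threshold_mbps:
            net = ipaddress.ip_network(f"{dst}/{DIVERT_PREFIX_LEN}", strict=False)
            ports = {p for d, p, _ in flows if d == dst}
            divert[str(net)] = {"host": dst, "mbps": rate, "dst_ports": len(ports)}
    return divert


if __name__ == "__main__":
    for prefix, info in prefixes_to_divert(SAMPLE_FLOWS).items():
        print(f"divert {prefix}: {info}")
```

The distinct destination-port count is included because a wide spread of ports on a single host, as in the record attack, is a useful corroborating signal alongside raw bandwidth.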
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats. For more information, visit https://fastnetmon.com