Cloudflare Withstands Record-Breaking 3.8 Tbps DDoS Attack With Automated Protection

The world's leading cloud cybersecurity firm revealed that the massive DDoS attack was part of a larger campaign that spanned a month earlier, involving "hyper-massive L3/4 DDoS attacks" with traffic volumes exceeding 2 billion packets per second (Bpps) and 3 Tbps. Layer 3 (L3) attacks are designed to overload network infrastructure by 'flooding' the target system with a large volume of packets. While Layer 4 (L4) attacks are designed to exhaust the resources of the transport layer by overloading it with connection requests or data packets.

Because Cloudflare's DDoS defenses handle DDoS attacks automatically, it also means that the company's customers can be protected in real time. This includes HTTP reverse proxy services like Cloudflare WAF and Cloudflare CDN, as well as customers using Spectrum and Magic Transit. All are protected automatically.

One of the attack's graphs released by Cloudflare shows the duration and intensity of the attack. The incident began at approximately 15:01:25 and was mitigated at 15:02:30, allowing the target to resume normal operations very quickly.

Cloudflare warns that large-scale attacks of this type can take down unprotected internet assets, as well as those protected by on-premises equipment or cloud providers that cannot absorb DDoS campaigns of such magnitude.

Attacks like this have been detected by Cloudflare primarily affecting a number of the company's customers across a range of industries including financial services, internet and telecommunications. The countries hosting the most bots include Vietnam, Russia, Brazil, Spain and the United States.

All types of devices can be exploited for attacks including MikroTik devices, DVRs, and web servers. Experts believe the attacks originated from a large number of ASUS home routers exploiting a vulnerability recently discovered by Censys.