DDoS attacks escalate: 29.7 terabits per second mark a new high

Cloudflare is sounding the alarm: The latest publication of the DDoS Threat Report for the third quarter of 2025 reveals a new escalation level of digital attacks. The documented peak value of a distributed denial-of-service attack (DDoS) reached a historic maximum of 29.7 terabits per second, a value that sheds light not only on the technical infrastructure but also on geopolitical tensions.

The massive attack was caused by the botnet Aisuru, which according to Cloudflare consists of an estimated 1 to 4 million infected devices worldwide. Back in May, it was responsible for a large-scale attack on the website of renowned IT journalist Brian Krebs. Aisuru routinely causes overload attacks with over 1 TBit/s and more than 1 billion packets per second. However, the current record, a so-called UDP area bombardment with 14.1 billion packets per second, goes beyond known standards. In this attack, 15,000 ports were targeted simultaneously per second.

Cloudflare registered a total of 8.3 million DDoS attacks in the third quarter, which indicates an acute intensification of the threat situation. On average, this means 3780 attacks per hour, and the trend is rising. Compared to the previous quarter, this represents an increase of 15%, and even 40% year-on-year. Particularly explosive: DDoS attacks on companies in the AI sector increased by 350% in September – a development that hardly seems coincidental considering the increasing networking of critical infrastructure with cloud-based AI. At the same time, the commodities sector also experienced a wave of attacks – just at a time when geopolitical tensions between the EU and China over rare earths and trade tariffs were escalating. This reveals the new reality: cyber attacks have long since become part of economic and trade policy conflicts.

A look at the types of attack shows that UDP-based attacks continue to dominate with an increase of 231%. They are followed by DNS floods, SYN floods and ICMP floods, all of which target the network layer. According to Cloudflare, a total of 10.3 million HTTP DDoS attacks and 25.9 million network attacks (layer 3/4) have been registered in the year to date. Microsoft also reported new highs in November: 15.7 TBit/s and 3.64 billion packets/second were recorded in an attack there. In September, the figure was “only” 11.5 TBit/s. The figures show: The arms race in the digital space is accelerating exponentially.

It is not only the technical complexity of the attacks that is worrying, but also their political dimension. When targeted overload attacks are increasingly used as economic or diplomatic leverage, the boundaries between traditional IT security and digital warfare become blurred. States, tech companies and infrastructure providers are becoming targets or collateral damage in equal measure.

Source: Heise