Cloudflare Thwarts Record-Setting 11.5 Tbps DDoS Attack, Lock Down Your IoT Devices Now

Cloudflare just announced on X that it blocked the highest DDoS (distributed denial-of-service) attack in history, which was an 11.5 Terabits per second DDoS attack that came as a UDP (User Datagram Protocol) flood. It was brief, about 35 seconds long, but slammed resources at over 5.1 billion packets per second.

In UDP flood attacks, attackers send high amounts of fake UDP traffic to random ports on a targeted server. Because the server wastes resources checking and responding, it can quickly get overwhelmed and shut down. The thwarted attack was the largest ever seen, and interestingly, comes shortly after Cloudflare stopped a previous all-time high DDoS attack on its CDN network.

Cloudflare has proved efficient in thwarting sophisticated cyberattacks over time. In 2022, it stopped a massive crypto DDoS attack, which peaked at 15M requests per second. Since then, it has had to deal with more powerful assaults, such as the 3.8 Tbps attack in October 2024 and a 7.3 Tbps attack in May 2025, the largest ever seen until this recent attack.

According to the company's latest report on X, the record-breaking 11.5 Tbps DDoS attack came from a combination of IoT devices and cloud providers. It's not surprising that IoT devices like printers, smart light bulbs, and smart watches are at the bottom of the list of secure devices. We reported in the past how millions of IoT devices were at risk of a couple of vulnerabilities affecting TCP/IP stacks.

While Cloudflare's response to these attacks has helped to highlight its tough security defenses, their rising frequency shows that there is good reason to worry about the security of your IoT devices and other network connect equipment as well.

The specific target of the recent attack remains undisclosed by Cloudflare. The CDN, security and networking provider says it will drop more details about the attack in its next report.