Massive 5.6 Tbps DDoS Attack Highlights Persistent IoT Security Crisis

In a striking example of the growing threat posed by insecure connected devices, a new record was set last week as a Distributed Denial-of-Service (DDoS) attack reached an unprecedented 5.6 Tbps. Orchestrated by a Mirai botnet variant, the assault involved over 13,000 hijacked IoT devices and was directed at an internet service provider in East Asia. Although the attack lasted only 80 seconds, the scale of disruption it could have caused was immense.

Fortunately, Cloudflare’s automated defense systems intercepted the surge in real time. No human input was needed, and services continued without interruption—a testament to the strength of modern mitigation tools. According to Cloudflare, each compromised device contributed just over 1 Gbps, creating an overwhelming volume of traffic.

The event has reignited concerns over the weak security standards that continue to plague IoT devices. Most of the compromised hardware is believed to have been vulnerable due to default settings or outdated software, making it an easy target for botnet recruitment. Once integrated into these malicious networks, even seemingly benign gadgets can become instruments of cyber warfare.

This record-breaking incident wasn’t a one-off. The final quarter of 2024 witnessed an explosion in large-scale DDoS attacks. Hyper-volumetric attacks, those exceeding 1 Tbps, increased nearly 19-fold compared to the previous quarter. Attacks transmitting over 100 million packets per second also surged, with 16% of them surpassing a staggering billion packets per second.

While most network-level attacks remain under 500 Mbps, the increasing frequency and strength of the largest incidents are shifting industry attention toward more robust defense strategies. Compounding the difficulty is the brevity of these attacks—more than 90% last less than ten minutes, leaving little to no time for human response.

Geographically, Indonesia continues to lead as the top source of DDoS traffic, with Hong Kong and Singapore following close behind. While the origins of HTTP-based attacks can be traced directly to device IPs, source addresses in network-layer packets can be spoofed, so the origins of network-layer attacks are inferred from the geographic spread of the global mitigation centers that intercept and neutralize the malicious traffic.

When asked who they believed was behind such attacks, many Cloudflare clients admitted they were unsure. However, among those who offered a guess, a significant portion blamed competitors, highlighting a concerning trend toward cyber sabotage in commercial rivalries. Other frequently cited culprits included nation-state actors, disgruntled insiders, and criminal groups demanding ransom.

On the receiving end, China retained its position as the most targeted country. Interestingly, the Philippines entered the top three for the first time, while Taiwan also experienced a sharp rise in attack volume. From an industry perspective, telecom and service providers now top the list of most targeted sectors, pushing banks and financial firms—formerly the leading victims—further down the rankings. The advertising and internet services industries also saw an increase in attacks.

The takeaways from this incident are clear: IoT devices remain a weak link in cybersecurity, and attackers are exploiting this vulnerability at scale. Manufacturers must take greater responsibility by enforcing stronger default security measures and providing timely updates. At the same time, organizations should implement automated, always-on DDoS protection to prevent brief but powerful attacks from causing damage.

As digital infrastructures become more integral to business and national operations, DDoS attacks are no longer just a nuisance—they’re a serious threat. The defenses deployed today must evolve to match the sophistication and speed of tomorrow’s attacks.