Cloudflare Stops Largest DDoS Attack in History: 29.7 Tbps Powered by AISURU Botnet
The internet just faced one of its most dangerous moments, and most people didn’t even notice. This week, Cloudflare confirmed it mitigated the largest Distributed Denial-of-Service (DDoS) attack ever recorded: a staggering 29.7 terabits per second (Tbps).
To put that in perspective:
- A 1 Tbps attack can bring down a telecom provider.
- A 10 Tbps attack has the potential to cripple a nation.
What does 29.7 Tbps mean?
That is the kind of traffic that, if not mitigated, would render the internet useless for disaster readiness, bringing most infrastructure, emergency, and worldwide communications to their knees. The attack lasted only 69 seconds, but its magnitude signals the dawn of a new age of cyber warfare.
The AISURU Botnet
Cloudflare attributed the attack to AISURU, a fast-growing botnet-for-hire estimated to control 1-4 million infected machines across the globe. Individuals can rent portions of AISURU for a few hundred dollars.
Yes, a teenager with a credit card can launch an attack that makes major providers crumble.
Already, AISURU has been associated with several hyper-volumetric attacks over the last year, against:
- Telecommunications companies
- Gaming platforms
- Hosting providers
- Financial services
For its part, Cloudflare also blocked a 14.1 billion packets-per-second (Bpps) attack by the same botnet in the same time period. This thing isn’t slowing down. It’s evolving.
DDoS Attacks Are Surging Fast
Big attacks tend to get attention, but most people treat them like statistical freaks, something rare enough to ignore. The problem is, the latest attack isn’t an outlier. It’s a preview of what’s coming.
The trend is evident in Cloudflare's Q3 2025 data. So far this year, it has mitigated more than 36 million DDoS attacks, and 8.3 million of them occurred in the past quarter alone. If the numbers look extreme, that is because they are. Year-over-year growth has already reached 40 per cent, and hyper-volumetric attacks, those over 1 Tbps, have already surpassed a thousand in one quarter.
It is not only the volume that is increasing. The character of the attacks is changing. Cloudflare saw a 189% increase in high-packet-rate attacks, the type that tries to exhaust processing capacity rather than bandwidth. These are not the old "firehose until the server drops" attacks. They’re more surgical.
Three things are coming together simultaneously: the attacks are becoming larger, smarter, and faster. Any one of these changes would be hard to handle. The combination of all three means that the old ideas of defence no longer apply.
Cloudflare’s Q3 2025 Report:
| Metric | Value |
| --- | --- |
| Total DDoS attacks mitigated in 2025 | 36.2 million |
| Attacks in Q3 alone | 8.3 million |
| Growth rate YoY | +40% |
| Hyper-volumetric attacks (>1 Tbps) in Q3 | 1,304 |
| Increase QoQ in attacks >100M PPS | +189% |
Why This One Was Different
Most DDoS attacks act like a hammer. They push traffic in one direction and hope that volume alone does the damage. That was not the case with this attack.
AISURU applied something closer to a carpet-bombing strategy. Rather than flooding a single target, it spread the traffic across thousands of ports per second, approximately fifteen thousand. That changes the game, because defences designed to look for a single choke point no longer have an obvious pattern to follow.
There was another twist. The packets weren’t uniform. Their attributes were randomised, which meant that many common filters simply did not recognise them as hostile. Such adaptation is not a coincidence, but a sign of deliberate planning.
It was not brute force. It was designed. The difference between force and design is the difference between noise and intelligence.
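The port spread described above is why a per-port rate rule stays silent while the aggregate is enormous. The following is an added example, not Cloudflare's detection logic or code from the original post; the thresholds, function names and flow records are constructed assumptions.

```python
import ipaddress
import random
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune against your own baseline.
PER_PORT_PPS_THRESHOLD = 500    # legacy rule: packets/sec on one dst port
PORT_SPREAD_THRESHOLD = 1000    # distinct dst ports/sec toward one prefix

def classify_windows(flows, prefix_len=24):
    """flows: iterable of (ts_second, dst_ip, dst_port, packets).
    Returns {(ts, prefix): (verdict, distinct_ports, total_packets)}."""
    per_window = defaultdict(Counter)
    for ts, dst_ip, dst_port, packets in flows:
        net = ipaddress.ip_network(f"{dst_ip}/{prefix_len}", strict=False)
        per_window[(ts, str(net))][dst_port] += packets
    verdicts = {}
    for key, ports in per_window.items():
        if max(ports.values()) >= PER_PORT_PPS_THRESHOLD:
            verdict = "single-port flood"   # the case legacy filters expect
        elif len(ports) >= PORT_SPREAD_THRESHOLD:
            verdict = "port-spread flood"   # no port stands out, spread does
        else:
            verdict = "normal"
        verdicts[key] = (verdict, len(ports), sum(ports.values()))
    return verdicts

def sample_flows():
    """Constructed flow records (documentation address range 198.51.100.0/24)."""
    rng = random.Random(7)
    flows = [(0, "198.51.100.10", 443, 120), (0, "198.51.100.11", 53, 40)]
    # Second 1: 90,000 packets aimed at a single port.
    flows.append((1, "198.51.100.10", 443, 90000))
    # Second 2: the same 90,000 packets spread over 15,000 distinct ports.
    for port in rng.sample(range(1, 65536), 15000):
        host = rng.randrange(1, 255)
        flows.append((2, f"198.51.100.{host}", port, 6))
    return flows

if __name__ == "__main__":
    for key, result in sorted(classify_windows(sample_flows()).items()):
        print(key, result)
```

In the constructed data, seconds 1 and 2 carry identical packet volume, but in second 2 no port exceeds 6 packets per second, so only the distinct-port count per prefix exposes it.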
Legacy Defences Are No Longer Enough
Traditional DDoS protection, whether on-prem appliances, manual activation, or third-party scrubbing, simply cannot react fast enough anymore.
The reasons:
- 89% of network-layer attacks now end in under 10 minutes.
- Some last only seconds, just long enough to disrupt services before anyone responds.
- Humans can’t respond fast enough. Automation vs automation is now the battlefield.
If your infrastructure isn’t using always-on, globally distributed mitigation, you’re exposed, whether you realise it or not.
Conclusion
A 29.7 Tbps attack would have been science fiction five years ago. Today? It’s a headline.
Tomorrow? It may be the new normal. Cybersecurity isn’t about preventing attacks anymore. It’s about surviving them. Automated monitoring tools like Sitelock can help you stop these types of DDoS attacks before they harm your business.
And organisations that don’t adapt will find out the hard way that downtime isn’t just an inconvenience. It’s a business-ending event.
Monika
*** This is a Security Bloggers Network syndicated blog from EncryptedFence by Certera – Web & Cyber Security Blog authored by Monika. Read the original post at: https://certera.com/blog/cloudflare-stops-largest-ddos-attack-in-history-29-7-tbps-by-aisuru-botnet/

