Record-Breaking 29.7 Tbps DDoS Attack Raises Alarm for Global Internet Infrastructure

By Azhar Khan

In what security professionals are calling a watershed moment for distributed denial-of-service (DDoS) threats, a massive attack peaking at 29.7 terabits per second (Tbps) has been publicly documented, setting a new global record. The assault, unleashed by the Aisuru botnet, was detected and automatically mitigated by Cloudflare’s global defence systems, but its implications for Internet resilience, critical services, and small-to-large enterprises are profound.

Unprecedented Scale: What Happened

The attack, which lasted about 69 seconds, reached a peak bandwidth of 29.7 Tbps along with a packet-rate of roughly 14.1 billion packets per second (Bpps). Rather than attacking a single port or a small set of services, the assault employed a “UDP carpet-bombing” technique — flooding an average of 15,000 destination ports per second. Packet attributes were randomized to evade conventional filtering or scrubbing mechanisms. The sheer volume and distribution of the flood made the incident one of the most intense cyber-assaults ever recorded.

According to mitigation reports, the attack was launched by Aisuru, a sprawling botnet believed to consist of between one and four million compromised hosts — including routers, IoT devices, and other often-overlooked internet-connected devices. This botnet-for-hire model enables operators to rent capacity and deploy hyper-volumetric attacks on demand, elevating DDoS threats to an industrial scale.

Why This Attack Matters — Beyond the Numbers

This 29.7 Tbps event isn’t just a statistical anomaly; it marks a structural shift in the DDoS threat landscape. Historically, large volumetric attacks — those exceeding 1 Tbps — were rare and typically directed at high-profile targets. Aisuru’s ability to marshal multi-million-device infrastructure and launch such overwhelming assaults means that even mid-sized organisations, smaller internet service providers (ISPs), or regional cloud vendors are now within the potential crosshairs.

Additionally, the attack highlights the growing risk posed by compromised IoT and home-network devices. Devices with weak credentials, outdated firmware, or default settings are being recruited at scale into botnets — creating a stealthy reservoir of bandwidth that attackers can deploy unpredictably. For many organisations, standard scrubbing centers or on-premise mitigation tools may no longer suffice; defence strategies must scale to terabit-level traffic to stay effective.

Who Is At Risk — Broad and Widespread

The potential impact of an attack of this magnitude extends far beyond the intended target. Telecommunications providers, content delivery networks, cloud-service operators, gaming platforms, financial services firms and even critical infrastructure providers are all at elevated risk. In the event of insufficient DDoS protection, customers and users could experience slowdowns, outages or degraded service even if their systems were not the direct target.

Moreover, collateral damage becomes a real concern: backbone networks and regional ISPs could become congested, affecting unrelated services and innocent third-party users. This kind of widespread disruption could impact critical services — such as emergency communications, healthcare networks, or public-service portals — turning a cyber-attack into a public-safety risk.

Defence Response and Mitigation: What Worked This Time

Cloudflare reports that its globally distributed edge network and automated defence stack successfully absorbed and mitigated the flood within seconds, preventing visible downtime for the targeted customer. Techniques that proved effective included dynamic traffic filtering, rate-limiting, distribution of load across multiple data-centers, and advanced packet-inspection rules capable of detecting anomalous UDP floods across multiple ports.
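The port-spreading behaviour described earlier is why a per-port rate limit can stay silent while a destination is being flooded. The following is an added example, not Cloudflare's detection logic or code from the original article; the thresholds, function names and flow records are all constructed assumptions. It compares a per-port rule with a per-destination aggregate that also counts distinct destination ports in each one-second window.

```python
from collections import defaultdict

# Assumed thresholds for illustration only; tune against your own baseline.
PER_PORT_PPS = 1_000        # classic limit per (destination, port)
AGG_PPS = 50_000            # aggregate UDP pps towards one destination
MIN_DISTINCT_PORTS = 1_000  # destination ports seen within the same second

def analyze(flows):
    """flows: iterable of (second, dst_ip, dst_port, packets) UDP samples.
    Returns {(second, dst_ip): verdict} for both detection strategies."""
    per_port = defaultdict(int)  # (second, dst, port) -> packets
    per_dst = defaultdict(int)   # (second, dst) -> packets
    ports = defaultdict(set)     # (second, dst) -> distinct destination ports
    for sec, dst, port, pkts in flows:
        per_port[(sec, dst, port)] += pkts
        per_dst[(sec, dst)] += pkts
        ports[(sec, dst)].add(port)
    # Windows in which at least one single port exceeded the per-port limit.
    tripped = {(s, d) for (s, d, _), n in per_port.items() if n > PER_PORT_PPS}
    result = {}
    for key, total in per_dst.items():
        spread = len(ports[key])
        result[key] = {
            "pps": total,
            "distinct_ports": spread,
            "per_port_rule": key in tripped,
            # High aggregate rate AND wide port spread marks carpet bombing.
            "carpet_bombing": total > AGG_PPS and spread >= MIN_DISTINCT_PORTS,
        }
    return result

def constructed_sample():
    """Constructed flow records (documentation address range):
    .10 is hit on 15,000 ports at 10 packets each, .20 receives a
    single-port flood, .53 carries ordinary DNS traffic."""
    flows = [(0, "198.51.100.10", 1024 + p, 10) for p in range(15_000)]
    flows.append((0, "198.51.100.20", 123, 200_000))
    flows.append((0, "198.51.100.53", 53, 800))
    return flows

if __name__ == "__main__":
    for (sec, dst), verdict in sorted(analyze(constructed_sample()).items()):
        print(sec, dst, verdict)
```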

This successful mitigation demonstrates that large-scale DDoS attacks — even at record-breaking volume — can be survived with properly configured, globally distributed defences. However, it also underscores the necessity of always-on, cloud-scale protection for organisations of all sizes. Manual or reactive responses are unlikely to succeed when attack volumes exceed backbone capacities and persist only for brief bursts.

What This Means for Internet Security Going Forward

The 29.7 Tbps attack sets a new baseline for what modern botnets can achieve. As DDoS-as-a-service infrastructure becomes commoditised, attackers — even with limited technical sophistication — can orchestrate attacks once thought the preserve of nation-state actors. The democratization of destructive bandwidth means every internet-connected entity must reassess risk and readiness.

Security experts warn that without proactive, scalable mitigation, we could see increasingly frequent “hyper-volumetric” attacks. These may not always aim for destruction or extortion; instead, they could be used as a smokescreen for infiltration, data theft, or supply-chain disruption — leveraging the chaos as cover while attackers perform other malicious operations.

Recommendations for Organisations and ISPs

  • Adopt always-on, globally distributed DDoS protection — do not rely solely on reactive or on-premise solutions.
  • Design network architecture for resilience — use redundant ingress paths, traffic load-balancing, and capacity over-provisioning to absorb unexpected influxes.
  • Implement fine-grained traffic-filtering rules and rate-limiting that can dynamically adapt to UDP floods and port-scanning techniques.
  • Ensure IoT devices and consumer-grade hardware on your infrastructure are secured — update firmware, disable default credentials, and minimise exposure to the internet.
  • Establish incident-response playbooks that include automated detection and mitigation steps, given modern DDoS attacks often unfold in seconds.

Conclusion

The 29.7 Tbps DDoS attack represents a stark warning: the scale and speed of internet-based threats have accelerated beyond established defence assumptions. As botnet-for-hire services like Aisuru grow, every organisation — from global cloud providers to small regional ISPs — must assume they are potential targets. Surviving the next generation of cyber-attacks will require investments in resilient infrastructure, automated protection, and a shift in security mindset — from prevention and detection to resilience and rapid response.

Azhar Khan
Azhar is a seasoned Cybersecurity Professional with over 8 years of experience in Cybersecurity Research.