DDoS Attack Volume Surges In Q3 As Aisuru Botnet Breaks Records


DDoS attack volume surged to record levels in Q3, led by the Aisuru botnet, Cloudflare reported. Peaks reached 29.7 Tbps and 14.1 billion pps, stressing global networks.

Cloudflare logged a 54% quarter-over-quarter rise with 8.3 million mitigations, and daily hyper-volumetric events multiplied. Microsoft later mitigated a 15.72 Tbps incident linked to Aisuru.

The findings highlight how rapidly DDoS attack volume can escalate when a massive botnet mobilizes, especially via UDP carpet bombing and multi-port floods.

DDoS attack volume: What You Need to Know

  • Cloudflare saw a 54% QoQ jump, 8.3M mitigations, and a 29.7 Tbps peak.

Recommended defenses and tools

  • Bitdefender – Harden endpoints to resist DDoS-borne malware pivoting.
  • 1Password – Secure admin credentials powering mitigation systems.
  • Auvik – Gain network visibility and alert on abnormal traffic spikes.
  • Tenable – Assess exposure on internet-facing assets before attacks.

Q3 highlights and context

Cloudflare reported a 54% quarter-over-quarter increase in DDoS attack volume, averaging about 14 hyper-volumetric events per day.

The record 29.7 Tbps burst was delivered as a UDP carpet-bombing campaign hitting roughly 15,000 destination ports per second, complicating filters and capacity planning.

Across the quarter, Cloudflare detected and mitigated 8.3 million DDoS events, up 40% year over year and 15% sequentially. The pace suggests DDoS attack volume has become a steady operational burden rather than an occasional spike.

Aisuru botnet attacks set new records

Researchers estimate Aisuru includes one to four million compromised hosts worldwide, enabling sustained throughput behind recent peaks.

The botnet focused on telecommunications, financial services, hosting providers, and gaming, driving DDoS attack volume against latency-sensitive infrastructure.

Microsoft separately mitigated an October incident linked to Aisuru that peaked at 15.72 Tbps and 3.64 billion pps, which it described as its largest single cloud attack to date.

DDoS attacks on AI companies surge in September

Cloudflare observed a 347% month-over-month increase in hostile traffic aimed at AI-focused organizations during September.

While causation was not assigned, the surge in DDoS attacks on AI companies coincided with heightened public debate on AI regulation. The trend expanded the target set and elevated overall DDoS attack volume.

How the record attack unfolded

The 29.7 Tbps incident relied on UDP carpet bombing, a technique that floods many destination ports simultaneously to overwhelm network gear and defeat simple filtering rules.

By averaging 15,000 destination ports per second, the attackers maximized DDoS attack volume across edge and core paths, challenging organizations without automated, always-on scrubbing capacity.
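A detection sketch for the multi-port pattern described above, added here as an illustration and not taken from Cloudflare's report or tooling. It buckets UDP flow records per second and per destination /24, then alerts only when both the distinct destination-port count and the packet count are high, so a busy single-port service does not trigger it. The flow record layout, the /24 aggregation, and both thresholds are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Hypothetical thresholds; tune against your own baseline traffic.
PORT_SPREAD_THRESHOLD = 1000   # distinct UDP destination ports per second
PACKET_THRESHOLD = 50_000      # packets per second toward one prefix


def prefix_of(ip, prefix_len=24):
    """Collapse a destination address to its covering prefix."""
    return str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))


def detect_port_spread(flows, port_threshold=PORT_SPREAD_THRESHOLD,
                       packet_threshold=PACKET_THRESHOLD):
    """Return alerts for (second, prefix) buckets with wide UDP port spread.

    Each flow is a dict with keys: ts (epoch seconds), proto, dst_ip,
    dst_port, packets. This record layout is an assumption of the example.
    """
    ports = defaultdict(set)
    packets = defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue
        key = (int(f["ts"]), prefix_of(f["dst_ip"]))
        ports[key].add(f["dst_port"])
        packets[key] += f["packets"]
    alerts = []
    for key in sorted(ports):
        if len(ports[key]) >= port_threshold and packets[key] >= packet_threshold:
            alerts.append({"second": key[0], "prefix": key[1],
                           "distinct_ports": len(ports[key]),
                           "packets": packets[key]})
    return alerts


def constructed_sample():
    """Constructed flow records: one busy DNS server plus one multi-port flood."""
    flows = [{"ts": 100.2, "proto": "udp", "dst_ip": "198.51.100.10",
              "dst_port": 53, "packets": 80_000}]          # high volume, one port
    for i in range(1500):                                   # many ports, many hosts
        flows.append({"ts": 101.0 + i / 2000, "proto": "udp",
                      "dst_ip": f"203.0.113.{i % 200 + 1}",
                      "dst_port": 1024 + i, "packets": 40})
    return flows


if __name__ == "__main__":
    for alert in detect_port_spread(constructed_sample()):
        print(alert)
```

Aggregating by prefix rather than by host keeps the port-spread signal visible when the flood is also spread across many addresses in the same range.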

Industries in the crosshairs

  • Telecommunications: High-throughput links and always-on services face immediate degradation risks.
  • Financial services: Low-latency apps and APIs are sensitive to packet floods and jitter.
  • Hosting providers: Multi-tenant platforms amplify collateral impact if isolation is weak.
  • Gaming: Real-time traffic is highly vulnerable to volumetric disruption.

As DDoS attack volume grows, downtime, SLA penalties, and customer churn pressure intensify across these sectors.

Operational lessons and useful resources

Defenders should combine rapid detection, layered mitigation, and rehearsed playbooks to counter surges in DDoS attack volume.

For practical guidance, see this primer on incident response for DDoS attacks. For botnet dynamics, review reporting on the Eleven11Bot DDoS botnet and recent IoT-driven Mirai variants.

Implications for defenders and operators

Advantages:

The reporting provides clear visibility into attacker scale, preferred vectors, and targeted industries. With concrete data on DDoS attack volume and techniques such as UDP carpet bombing, teams can tune thresholds, expand scrubbing and peering capacity, and validate cutover procedures.

Cross-provider telemetry also strengthens budget cases for resilience aligned to measured risk.

Disadvantages:

Peak throughput and packet rates raise requirements for automation, telemetry, and cross-team coordination. Smaller organizations may struggle to match escalation in DDoS attack volume, especially as adversaries vary ports, packet mixes, and regions.

The rise in attacks on AI firms broadens the protection surface amid competing priorities like ransomware and supply chain risk.

Strengthen your DDoS resilience

  • IDrive – Ensure rapid data recovery during service interruptions.
  • EasyDMARC – Reduce spoofing risk that often accompanies disruption campaigns.
  • Tresorit – Keep sensitive assets encrypted and accessible under stress.
  • Tenable – Continuously identify and prioritize internet-exposed risks.

Conclusion

Q3 marked a shift in DDoS attack volume, with Aisuru driving peaks that Cloudflare called unprecedented. The 29.7 Tbps and 14.1 billion pps milestones are early indicators, not anomalies.

With daily hyper-volumetric events and millions of mitigations in one quarter, organizations should assume DDoS attack volume remains elevated and persistent across regions and industries.

Resilience now requires always-on mitigation, realistic playbooks, and tested failovers tuned to multi-port UDP floods and fast-moving botnets.

Questions Worth Answering

What did Cloudflare observe in Q3?

It recorded a 54% quarter-over-quarter rise, mitigated 8.3 million attacks, and saw peaks of 29.7 Tbps and 14.1 billion pps.

How large is the Aisuru botnet?

Cloudflare estimates one to four million compromised hosts distributed globally.

Which industries were most targeted?

Telecoms, financial services, hosting providers, and gaming absorbed the heaviest activity.

How does Microsoft’s finding fit the trend?

Microsoft mitigated an October event linked to Aisuru at 15.72 Tbps and 3.64 billion pps, its largest single cloud attack to date.

Why did attacks on AI firms spike?

Cloudflare saw a 347% month-over-month increase in September, coinciding with intense debate on AI regulation.

What is UDP carpet bombing?

A technique that floods many destination ports simultaneously, overwhelming networks and complicating filtering.

How should organizations prepare?

Adopt layered, always-on mitigation, test failovers, and maintain a clear, exercised DDoS incident playbook.

About Cloudflare

Cloudflare is a global network and security provider delivering performance, security, and reliability services to organizations of all sizes through a large edge network.

Its portfolio spans DDoS mitigation, application security, zero trust, and developer services designed to protect and accelerate internet properties.

Cloudflare publishes threat intelligence based on global telemetry, helping security teams track evolving attack patterns and adapt defenses.
