Defending against hyper-volumetric DDoS attacks: strategies for the modern threat landscape

"Attackers are becoming more strategic, blending volumetric attacks with application-layer attacks that target specific vulnerabilities in systems."

As the digital world expands, the scale and sophistication of Distributed Denial of Service (DDoS) attacks have reached unprecedented levels, posing serious challenges for all organisations, writes Christian Reilly, Field CTO, EMEA, Cloudflare. Hyper-volumetric DDoS attacks – those that flood systems with overwhelming traffic – are now frequent and disruptive. According to our research, more than a third (37%) of European businesses surveyed have experienced a DDoS attack in the last 12 months. 

These attacks can also serve as distraction techniques, diverting attention and resources away from more significant threats, such as SQL injections.

While security teams focus on addressing the immediate disruption, attackers exploit overlooked vulnerabilities. In a recent incident, for example, Cloudflare mitigated a record-breaking attack peaking at 5.6 Tbps. This attack followed a 3.6 Tbps assault, which, at the time, was the largest ever disclosed publicly by any organisation. It was part of a month-long campaign targeting industries like finance, telecoms, and internet services, with over 100 incidents in total, some exceeding 3 Tbps in volume.

The scope of these attacks shows that no industry is immune. The recent attack impacted a wide range of sectors and infrastructure. As businesses grow more reliant on digital services, attackers are increasingly targeting the critical resources that keep operations running – whether that's network bandwidth or server CPU power. For sectors that rely on real-time transactions, even brief disruptions can lead to significant financial and reputational damage. The harsh reality is that as the threat landscape evolves, organisations that are unprepared risk devastating consequences, impacting not only their operations but also their financial stability.

A growing global threat

In today’s enterprise environments, IoT devices are used by everyone – playing a key role in operations across industries. Many of these devices remain unsecured, often relying on weak security measures while being constantly connected online. This provides attackers with an easy way to form botnets and gather the resources needed for massive, anonymous attacks. The global distribution of these devices adds a further layer of complexity, making it difficult for security teams to predict where or when an attack will occur. As a result, companies now find themselves defending against botnets scattered across different time zones and continents, forcing IT teams to rapidly rethink their cybersecurity strategies.

Recent attacks, such as those involving Mozi and HTTP/2-based vulnerabilities, originated from compromised devices across countries including the U.S., Russia, Brazil, and Vietnam. These attacks used botnets composed of hijacked routers, webcams, and servers. That is just one example. Today’s attackers no longer rely on a single point of entry or a specific region; they deploy vast networks of vulnerable devices to launch attacks from anywhere in the world.

With DDoS attacks growing in complexity, both the scale and the changing nature of the attacks are causing concern for today’s businesses.

Attackers are becoming more strategic, blending volumetric attacks with application-layer attacks that target specific vulnerabilities in systems. 

This combination of techniques makes it harder to detect and mitigate threats, as different layers of organisations’ infrastructure can be attacked simultaneously. To combat this, businesses need to adopt a holistic approach, monitoring both the network and application infrastructure layers to ensure that all potential vulnerabilities are monitored and addressed.

Adapting to the evolution of threats

To combat modern DDoS attacks effectively, a swift response is essential. Automated detection and response systems, using real-time machine learning and artificial intelligence, play a critical role by continuously analysing traffic patterns, identifying threats, and responding instantly without human intervention. This proactive approach enables organisations to stay ahead of attackers, containing disruptions before they impact vital systems. Automation is key here – human teams simply cannot keep up with the volume and speed of hyper-volumetric attacks, making real-time, machine-led intervention indispensable. This means that you can stop attacks before they’ve even started – not just fight them in real time.

Automation alone is not enough. A robust defence requires companies to layer their security measures, combining advanced traffic filtering, real-time analysis, and threat intelligence to distinguish between legitimate and malicious traffic. This layered approach ensures that even during an attack, businesses can maintain continuity without compromising performance, reliability or security. Beyond technical solutions, it is important to regularly review and test incident response plans, ensuring all teams are prepared for real-world attack scenarios, and implementing more training as necessary.

For further resilience against high-volume attacks, organisations can leverage a global anycast network, which disperses traffic across multiple data centres worldwide. This ensures that no single location is overwhelmed by an attack. A distributed infrastructure provides both resilience and redundancy, allowing systems to continue operating even under extreme traffic surges. A connectivity cloud approach, for instance, absorbs vast amounts of traffic by distributing it across data centres closest to the attack origin, minimising the impact on the target, and provides a secure, low-latency, infinitely scalable network – connecting multiple clouds, apps and remote users all from one interface.

Cloud providers have become a crucial line of defence too, due to the increasing reliance on cloud services. By acting as a buffer, the cloud can absorb high-volume attacks that on-premises systems simply cannot handle. However, this also means that organisations must carefully vet their cloud providers, ensuring their DDoS protection capabilities are robust enough to withstand the growing scale of modern cyber threats.

Building resilience for the future

As DDoS attacks continue to evolve in size, frequency and complexity, organisations must be proactive and ever-vigilant in their defences. The recent wave of hyper-volumetric attacks underscores the escalating threat to businesses across industries. Our research shows that nearly two-thirds (64%) of business and technology leaders in Europe predict that a cybersecurity incident against their organisation is likely within the next 12 months, signalling that the issue is expected only to worsen.

By adopting global network infrastructure, automating defences, and layering security strategies, companies can build resilience to stay ahead of these evolving threats. Beyond technical fixes, fostering a culture of security awareness and staying informed of threat trends is equally crucial.

The future of DDoS mitigation, in short, lies not just in the tools we use, but in how intelligently and at what scale we deploy them. As attack volumes rise, the ability to defend networks and maintain operations amid overwhelming traffic will be a key differentiator. By adopting additional layers of protection, such as Zero-Trust strategies, organisations can be resilient in both their technology and adaptive mindset. By having an understanding of evolving threats, companies can truly commit to continuous improvement in cybersecurity.
