Cloudflare disclosed a record breaking 31.4 terabits per second DDoS attack in its 2026 Threat Report, marking the largest volumetric attack ever recorded. The attack represents a fundamental escalation in DDoS capability and highlights the industrialization of cyber threats facing internet infrastructure providers.
The attack exceeded previous records by a significant margin, demonstrating that threat actors have assembled bot networks capable of generating unprecedented traffic volumes. Cloudflare stated the attack targeted its network infrastructure but was successfully mitigated without service disruption to customers.
Attack Characteristics
The 31.4 Tbps attack utilized sophisticated multi vector techniques combining volumetric flooding, protocol exploitation, and application layer attacks. This approach aimed to overwhelm mitigation systems by forcing defenders to address multiple simultaneous attack types rather than a single method.
Security researchers note the attack’s scale required coordination of massive IoT botnets, compromised servers, and amplification techniques. The capability to generate this level of traffic suggests nation state resources or well funded cybercrime operations with access to substantial computing infrastructure.
Industry Implications
The record attack demonstrates that DDoS threats continue escalating despite defensive improvements. Organizations without enterprise grade DDoS mitigation face existential risk from attacks of this magnitude, as even brief exposure could cause complete service collapse and extended recovery periods.
Cloudflare emphasized the attack underscores the shift toward industrialized cyber threats where attackers possess resources comparable to defensive infrastructure. The company stated it continues investing in mitigation capacity to stay ahead of evolving attack capabilities.
