Key Highlights
- A 6 Tbps DDoS attack targeted a gaming hosting provider, ranking among the top ten largest DDoS incidents in history.
- The assault was primarily carried out using the UDP protocol and originated from unsecured networks in Brazil and the United States.
- Gcore’s defense system successfully mitigated the attack without disruption by leveraging its global Points of Presence (PoPs) network.
- Industry experts warn that such attacks represent a growing threat, as botnets become more sophisticated and capable of launching high-intensity, short-duration strikes.
The Scale of the Attack
A recent DDoS attack on a gaming hosting provider, Gcore, has been identified as one of the largest ever recorded. Peaking at 6 terabits per second (Tbps), this assault lasted between 30 and 45 seconds and involved an unprecedented amount of data—specifically, 5.3 billion packets per second.
This incident ranks among the top ten DDoS events in history, underscoring the increasing sophistication and scale of cyber threats targeting online service providers. The attack was consistent with activity from the AISURU botnet, indicating a concerning trend toward more powerful and efficient DDoS tools.
Regional Distribution and Impact
Gcore’s analysis revealed that 51% of the malicious data originated in Brazil, while nearly 24% came from the United States. This distribution highlights the global nature of cyber threats and suggests widespread exploitation of unsecured networks across these regions.
The attack primarily used the UDP protocol, a common choice for overwhelming targets with traffic. Gcore’s security system absorbed the flood using over 210 global Points of Presence (PoPs) and 200+ Tbps filtering capacity, successfully mitigating the impact on their services.
Expert Perspectives and Industry Trends
Andrey Slastenov, Head of Security at Gcore, emphasized the ongoing escalation in both the scale and sophistication of DDoS attacks. He noted that without strong, adaptive protection, organizations across various sectors remain vulnerable to such threats.
“This incident underscores an evolving landscape where cybercriminals deploy short but powerful DDoS bursts to test resilience and probe for weaknesses,” Slastenov said. “These preliminary strikes are often precursors to more complex operations involving data theft, malware evasion, and ransomware protection challenges.”
Industry experts caution that the trend towards larger and shorter DDoS attacks is indicative of a broader shift in cyberwarfare tactics. These attacks are not only aimed at disrupting services but also probing for vulnerabilities that can be exploited in more complex campaigns.
Implications for Web Hosting Providers
The scale and regional distribution of the attack point to a worrying evolution in botnet capacity, capable of launching high-intensity, short-duration strikes. For web hosting providers like Gcore, this means increasing their defenses against preliminary DDoS attacks that may precede more sophisticated operations.
“Increasingly, DDoS attacks are part of multi-vector campaigns that include data theft, malware evasion, and ransomware protection challenges,” said Slastenov. “Organizations must remain vigilant and invest in robust security measures to protect their infrastructure against these evolving threats.”
Gcore’s successful mitigation of the attack demonstrates the importance of global PoPs and advanced filtering technologies in defending against large-scale DDoS attacks. As cyber threats continue to grow, the industry will need to adapt its strategies to stay ahead of these increasingly powerful attacks.
