Cyber Incident Victim: Cloudflare
Date: Jun 2020
Location: United States of America
Summary
A volumetric DDoS attack targeting Cloudflare peaked at 754 million packets-per-second, leveraging over 316,000 IP addresses across a four-day period. The multi-vector assault combined SYN, ACK, and SYN-ACK floods to overwhelm routers and data center infrastructure rather than saturating inbound bandwidth, sustaining rates exceeding 400-600 million packets-per-second for extended durations with multiple peaks above 700 million. This incident exemplified persistent large-scale packet-based attacks despite broader trends of reduced DDoS intensity and duration.
Description
On June 21, 2020, Cloudflare detected and mitigated a significant packet-based volumetric distributed denial-of-service (DDoS) attack that peaked at 754 million packets-per-second. This event was part of a sustained four-day assault spanning June 18 to June 21, targeting a single Cloudflare IP address. The attack originated from more than 316,000 distinct IP addresses, indicating widespread participation in the coordinated effort. Attackers employed a combination of three TCP-based vectors: SYN floods, ACK floods, and SYN-ACK floods, which collectively aimed to exhaust network resources through high-volume packet transmission. During the attack period, traffic volumes consistently exceeded 400 to 600 million packets-per-second for extended durations, with multiple instances surpassing the 700 million packets-per-second threshold before reaching the 754 million peak. The persistent nature of the assault demonstrated deliberate coordination, as attack intensity fluctuated but maintained disruptive capacity across nearly 100 hours of activity.

The attack specifically targeted Cloudflare's network infrastructure, focusing on overwhelming routers and data center appliances rather than attempting to saturate inbound bandwidth capacity. This approach represented a strategic effort to disrupt core routing equipment instead of merely flooding data connections. Cloudflare's automated mitigation systems successfully neutralized the attack vectors without service interruption to customers. The company noted this incident occurred despite an industry-wide trend toward shorter durations and smaller magnitudes of DDoS attacks throughout the preceding year. The scale of the attack, particularly its sustained packet-per-second rates and utilization of multiple TCP attack methods, underscored ongoing challenges in defending against sophisticated volumetric threats. No specific customer or service impacts were disclosed beyond the confirmed mitigation of the attack itself.
