A 2.5 Tbps distributed denial-of-service (DDoS) attack recently hit Wynncraft, a popular Minecraft server. According to DDoS mitigation provider Cloudflare, the attack lasted roughly two minutes and comprised UDP and TCP flood packets to overpower the server and lock out hundreds of thousands of users.

Cloudflare said the attack had one of the greatest bitrates it ever documented and addressed. A DDoS attack of this magnitude happened in 2017 as part of a six-month campaign by a nation-state actor, Google reported in 2020. According to Cloudflare’s 2022 Q3 DDoS report, multi-terabyte DDoS assaults are increasingly common.

A change in DDoS attacks

In November 2021, one of the largest DDoS attacks ever observed peaked at 3.47 terabytes per second. Cloudflare dealt with a 111 percent increase in DDoS attacks in the third quarter of 2022 compared to the same quarter last year. Layer 3 and 4 (L3/4) DDoS attacks nearly doubled in frequency.

Taiwan was the most frequently targeted region for HTTP DDoS attacks, with a 200 percent rise over the previous quarter, while Japan faced a 105 percent increase in attacks. L3/4 DDoS attacks primarily targeted the gaming industry, and a resurgence of the Mirai malware variant boosted their volume, increasing activity by 405 percent compared to the second quarter of 2022.

Most attacks don’t amount to much

Although Cloudflare reported an increase in DDoS attacks above 100 Gbps, the organization emphasized that large-scale attacks remain an exception, accounting for only 0.1 percent of all attacks.

The vast majority (97.3 percent) were attacks of less than 500 Mbps, which Cloudflare labels as cyber vandalism, attributing the incidents to ‘script-kiddies’ who utilize widely accessible DDoS tools and direct attacks towards small and poorly secured sites.

Most attacks are short (94 percent) are short, lasting less than 20 minutes. Episodes lasting more than an hour and three hours had a minor increase of 8.6 percent and 3.2 percent, respectively.