News

NSFOCUS Cloud DDoS Protection Service (Cloud DPS) Detected and Mitigated an 800G+ DDoS Attack towards a Critical Infrastructure Operator

  • securityboulevard.com
  • published date: 2025-11-16 00:00:00 UTC

<h2>Incident Summary</h2><p>On October 21, 2025, NSFOCUS Cloud DDoS Protection Service (Cloud DPS) detected and mitigated an 800G+ DDoS attack against a critical infrastructure operator.</p><p>The target network sustained a multi-vector volumetric DDoS attack peaking at <strong>843.4 Gbps</strong> and <strong>73.6 Mpps</strong>. The assault combined <strong>UDP-based floods (dominant)</strong> with amplification and reflection techniques.</p><p>The <strong>NSFOCUS Cloud DPS</strong> and <strong>Managed Security Service</strong> (MSS) team successfully activated real-time mitigation and <strong>dropped over 99.9% of malicious traffic</strong>. 
The clean traffic during the whole incident remained below 700 Mbps.</p><div class="wp-block-image"> <figure class="aligncenter size-large"><a href="https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-843.4-Gbps.png"><img fetchpriority="high" decoding="async" width="1024" height="266" src="https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-843.4-Gbps-1024x266.png" alt="" class="wp-image-32768" srcset="https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-843.4-Gbps-1024x266.png 1024w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-843.4-Gbps-300x78.png 300w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-843.4-Gbps-768x200.png 768w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-843.4-Gbps-332x86.png 332w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-843.4-Gbps-150x39.png 150w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-843.4-Gbps.png 1270w" sizes="(max-width: 1024px) 100vw, 1024px"></a></figure> </div><p class="has-text-align-center">Fig. 
1 DDoS attack peaking at 843.4 Gbps</p><div class="wp-block-image"> <figure class="aligncenter size-large"><a href="https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-73.6-Mbps.png"><img decoding="async" loading="lazy" width="1024" height="264" src="https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-73.6-Mbps-1024x264.png" alt="" class="wp-image-32770" srcset="https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-73.6-Mbps-1024x264.png 1024w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-73.6-Mbps-300x77.png 300w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-73.6-Mbps-768x198.png 768w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-73.6-Mbps-332x86.png 332w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-73.6-Mbps-150x39.png 150w, https://nsfocusglobal.com/wp-content/uploads/2025/11/DDoS-attack-peaking-at-73.6-Mbps.png 1268w" sizes="auto, (max-width: 1024px) 100vw, 1024px"></a></figure> </div><p class="has-text-align-center">Fig. 2 DDoS attack peaking at 73.6 Mpps</p><h2>Attack Overview</h2><p><strong>1. 
Attack Type Distribution (Top 3 Vectors)</strong></p><figure class="wp-block-table is-style-stripes"> <table> <thead> <tr> <th><strong>Rank</strong></th> <th><strong>Attack Type</strong></th> <th><strong>Volume</strong></th> <th><strong>% of Total</strong></th> </tr> </thead> <tbody> <tr> <td><strong>1</strong></td> <td>UDP Flood</td> <td>~609G</td> <td>70.7%</td> </tr> <tr> <td><strong>2</strong></td> <td>Manual Strategy</td> <td>~30G</td> <td>3.6%</td> </tr> <tr> <td><strong>3</strong></td> <td>Carpet Bombing Attack</td> <td>~2.9G</td> <td>0.34%</td> </tr> </tbody> </table> </figure><div class="wp-block-image"> <figure class="aligncenter size-large is-resized"><a href="https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Type-Distribution.png"><img decoding="async" loading="lazy" src="https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Type-Distribution-1024x855.png" alt="" class="wp-image-32772" width="768" height="641" srcset="https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Type-Distribution-1024x855.png 1024w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Type-Distribution-300x250.png 300w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Type-Distribution-768x641.png 768w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Type-Distribution-216x180.png 216w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Type-Distribution-150x125.png 150w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Type-Distribution.png 1263w" sizes="auto, (max-width: 768px) 100vw, 768px"></a></figure> </div><p class="has-text-align-center">Fig. 3 Attack Type Distribution</p><p><strong>Key Insight 1:</strong> <strong>UDP Flood</strong> is very likely to reach high volume, which requires the mitigation service provider to have dedicated bandwidth and sufficient mitigation gear to absorb the DDoS traffic.</p><p><strong>2. 
Traffic Trend (bps) – Peak Mitigation</strong></p><figure class="wp-block-table is-style-stripes"> <table> <thead> <tr> <th><strong>Metric</strong></th> <th><strong>Value</strong></th> </tr> </thead> <tbody> <tr> <td><strong>Inbound Traffic Peak</strong></td> <td><strong>843.4 Gbps</strong></td> </tr> <tr> <td><strong>Attack Traffic Peak (Dropped)</strong></td> <td><strong>842.8 Gbps</strong></td> </tr> <tr> <td><strong>Passed Traffic Peak</strong></td> <td><strong>710.9 Mbps</strong> (0.08% of inbound)</td> </tr> <tr> <td><strong>Dropped Ratio</strong></td> <td><strong>99.92%</strong></td> </tr> </tbody> </table> </figure><p><strong>Key Insight 2:</strong> A Managed Security Service (MSS) with a mitigation-effect SLA can be valuable: an experienced, responsive MSS team can do real-time policy tuning to keep clean traffic at a very low level (&lt;0.08%), which is critical to keeping the service alive.</p><p><strong>3. Attack Timeline</strong></p><figure class="wp-block-table is-style-stripes"> <table> <thead> <tr> <th><strong>Time</strong></th> <th><strong>Event</strong></th> </tr> </thead> <tbody> <tr> <td><strong>12:00</strong></td> <td>Baseline traffic normal (~100 Mbps)</td> </tr> <tr> <td><strong>12:05</strong></td> <td>First spike detected – UDP Flood initiation</td> </tr> <tr> <td><strong>12:15</strong></td> <td>Traffic ramped to 600+ Gbps</td> </tr> <tr> <td><strong>13:00</strong></td> <td><strong>Peak: 843.4 Gbps / 73.6 Mpps</strong></td> </tr> <tr> <td><strong>14:00</strong></td> <td>Attack intensity declined</td> </tr> <tr> <td><strong>14:16</strong></td> <td>Traffic returned to baseline</td> </tr> </tbody> </table> </figure><p><strong>Key Insight 3:</strong> Attackers now have adequate resources to drive traffic to its peak in a short time and are capable of maintaining a peak traffic level of 600G-800G for 30 minutes or more. 
A modern mitigation service has to support always-on operation to ensure the minimum Time-to-Mitigate, while a traditional service may take 30 minutes just to initiate mitigation.</p><p><strong>4. Attack Source IP Geo Distribution</strong></p><div class="wp-block-image"> <figure class="aligncenter size-large is-resized"><a href="https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Source-IP-Geo-Distribution.png"><img decoding="async" loading="lazy" src="https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Source-IP-Geo-Distribution-1024x580.png" alt="" class="wp-image-32774" width="768" height="435" srcset="https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Source-IP-Geo-Distribution-1024x580.png 1024w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Source-IP-Geo-Distribution-300x170.png 300w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Source-IP-Geo-Distribution-768x435.png 768w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Source-IP-Geo-Distribution-318x180.png 318w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Source-IP-Geo-Distribution-150x85.png 150w, https://nsfocusglobal.com/wp-content/uploads/2025/11/Attack-Source-IP-Geo-Distribution.png 1271w" sizes="auto, (max-width: 768px) 100vw, 768px"></a></figure> </div><p class="has-text-align-center">Fig. 4 Attack Source IP Geo Distribution</p><p>The US, Singapore and China were the top 3 source countries, while the Netherlands and Romania also made up a significant part due to their rich datacenter resources.</p><p><strong>Key Insight 4:</strong> Mitigation service providers need to cover geographical hotspots including the US, China, APAC and Europe. 
In-depth Threat Intelligence on botnets, command &amp; control and IP gangs from the above regions is valuable for achieving the optimum mitigation effect.</p><h2>Conclusion &amp; Recommendations</h2><p><strong>NSFOCUS Cloud DPS</strong> demonstrated <strong>carrier-grade resilience</strong> against a <strong>terabit-scale, multi-vector DDoS assault</strong>. </p><p>Key strengths:</p><ul> <li><strong>Sub-second </strong>detection and mitigation</li> <li><strong>AI-driven </strong>proactive baseline learning</li> <li><strong>Near-perfect mitigation accuracy</strong> (99.92% drop)</li> <li><strong>Global scrubbing capacity </strong>covering hotspots</li> <li><strong>Rich rule engine</strong> handling multiple concurrent vectors</li> </ul><p>The post <a rel="nofollow" href="https://nsfocusglobal.com/nsfocus-cloud-ddos-protection-service-cloud-dps-detected-and-mitigated-an-800g-ddos-attack-towards-a-critical-infrastructure-operator/">NSFOCUS Cloud DDoS Protection Service (Cloud DPS) Detected and Mitigated an 800G+ DDoS Attack towards a Critical Infrastructure Operator</a> appeared first on <a rel="nofollow" href="https://nsfocusglobal.com/">NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://nsfocusglobal.com/">NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by NSFOCUS">NSFOCUS</a>. Read the original post at: <a href="https://nsfocusglobal.com/nsfocus-cloud-ddos-protection-service-cloud-dps-detected-and-mitigated-an-800g-ddos-attack-towards-a-critical-infrastructure-operator/">https://nsfocusglobal.com/nsfocus-cloud-ddos-protection-service-cloud-dps-detected-and-mitigated-an-800g-ddos-attack-towards-a-critical-infrastructure-operator/</a> </p>