
DigiCert's UltraDDoS Protect service has successfully mitigated two unprecedented distributed denial-of-service (DDoS) attacks peaking at 2.4 Tbps and 3.7 Tbps, marking the largest DDoS events recorded on its network to date.
The first wave struck on July 29, 2025, targeting an always-on UltraDDoS Protect customer in the EMEA region. The second, even more aggressive attack followed on August 21, 2025, this time against a US-based customer in an unrelated sector. Despite the scale and distinct nature of each incident, DigiCert’s DDoS mitigation infrastructure was able to neutralize both threats without service disruption for its clients.
Two botnets, two tsunamis
The July attack reached 2.4 Tbps at its peak and delivered traffic at a blistering rate of 553 million packets per second (Mpps). It took the form of a carpet-bombing campaign, hitting nearly 800 unique IPv4 addresses across the victim’s network with HTTPS traffic aimed at port 443, rendering basic border filtering ineffective. Attack sources were spread across the globe, with heavy contributions from the US, Mexico, Canada, Japan, Israel, and Taiwan.
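
Why per-address border filters miss a carpet-bombing attack like the July one can be shown with a short flow-aggregation check. The Python below is an added example, not DigiCert's detection logic; the thresholds, function names and flow samples (on documentation address ranges) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed alert thresholds for one sampling interval (not from the article).
HOST_BPS_LIMIT = 1_000_000_000     # per-destination alert: 1 Gbps
PREFIX_BPS_LIMIT = 5_000_000_000   # per-prefix alert: 5 Gbps
MIN_SPREAD = 50                    # distinct hosts hit before calling it carpet bombing

def analyze(flows, prefix_len=24):
    """flows: iterable of (dst_ip, bits_per_second) samples for one interval.

    Returns (host_alerts, carpet_alerts). host_alerts is what a classic
    per-address filter would flag; carpet_alerts flags prefixes whose
    aggregate load is high even though the load is spread over many hosts.
    """
    per_host = defaultdict(int)
    for dst, bps in flows:
        per_host[dst] += bps

    per_prefix = defaultdict(lambda: {"bps": 0, "hosts": set()})
    for dst, bps in per_host.items():
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        per_prefix[net]["bps"] += bps
        per_prefix[net]["hosts"].add(dst)

    host_alerts = sorted(h for h, bps in per_host.items() if bps >= HOST_BPS_LIMIT)
    carpet_alerts = {
        str(net): (agg["bps"], len(agg["hosts"]))
        for net, agg in per_prefix.items()
        if agg["bps"] >= PREFIX_BPS_LIMIT and len(agg["hosts"]) >= MIN_SPREAD
    }
    return host_alerts, carpet_alerts

def sample_flows():
    """Constructed traffic sample using RFC 5737 documentation prefixes."""
    # Carpet bombing: 200 hosts x 40 Mbps = 8 Gbps, each host far below 1 Gbps.
    flows = [(f"198.51.100.{i}", 40_000_000) for i in range(1, 201)]
    # Conventional single-target flood: one host at 2 Gbps.
    flows.append(("203.0.113.10", 2_000_000_000))
    # Ordinary background traffic: 20 hosts x 5 Mbps.
    flows += [(f"192.0.2.{i}", 5_000_000) for i in range(1, 21)]
    return flows

if __name__ == "__main__":
    hosts, carpets = analyze(sample_flows())
    print("per-host alerts:", hosts)
    print("prefix-level carpet alerts:", carpets)
```

In the constructed sample, the per-address check flags only the single-target flood, while the prefix aggregate exposes the 8 Gbps spread across 200 hosts.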

On August 21, the network absorbed an even larger wave, peaking at 3.721 Tbps and 336 Mpps, 54% higher in bandwidth than the July event. This attack focused on 270 IP addresses but used larger, fragmented UDP packets, significantly increasing the data volume per packet. It also persisted longer, sustaining rates above 800 Gbps for over 10 minutes and delivering two sharp peaks lasting about three minutes. The differing geography and industry of the targets, as well as variation in packet structure and source distribution, indicate these were unrelated campaigns, likely powered by different botnets.

Mitigation mechanism
DigiCert operates UltraDDoS Protect, a mitigation platform with over 15 Tbps of dedicated DDoS defense capacity and a globally distributed infrastructure. It is designed to counter large-scale attacks that strike suddenly and can overwhelm unprepared networks. The system supports real-time detection, automated filtering, and analyst oversight through its security operations center, enabling rapid response to multi-terabit threats.
Mitigation unfolded in three stages. First, always-on routing through UltraDDoS Protect allowed traffic surges to be absorbed immediately. Next, automated countermeasures distinguished malicious flows from legitimate requests. Finally, SOC analysts manually reviewed and refined filters in real time, communicating directly with customers.
While the 2.4 Tbps event was short-lived and never passed the first stage of defense, the 3.7 Tbps attack went through all three phases. The system’s layered design, including cloud firewall features, held firm, ensuring uninterrupted service for DigiCert clients during both events.
While this attack set a new record for DigiCert, it came just weeks after Cloudflare mitigated a 7.3 Tbps DDoS assault, the largest ever recorded. That incident, targeting a hosting provider using Cloudflare’s Magic Transit, was automatically deflected without service disruption.