In a significant escalation of cyber threats targeting security researchers, the widely respected cybersecurity news site KrebsOnSecurity experienced one of the largest distributed denial-of-service (DDoS) attacks ever documented last week.

The attack, which peaked at a staggering 6.3 terabits of data per second, represents a ten-fold increase over the infamous 2016 Mirai botnet attack that previously forced the site offline for nearly four days.

Attack Details and Significance

The massive digital assault that struck Brian Krebs’ security blog on May 12, 2025, is now documented as the second-largest DDoS attack in history, according to information from KrebsOnSecurity. Only a similar attack mitigated by Cloudflare in April exceeded this recent incident in magnitude.

“The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand,” reports KrebsOnSecurity, suggesting this may be merely a precursor to potentially more devastating attacks.

Unlike the 2016 incident, when Akamai was providing DDoS protection for the site, KrebsOnSecurity is now defended by Google’s Project Shield, a free DDoS defense service. Damian Menscher from Google confirmed to Krebs that the May attack was “the largest Google has ever handled,” highlighting the unprecedented scale of this cyber assault.

Historical Context

This attack marks a concerning evolution in the DDoS landscape. In 2016, when the Mirai botnet targeted KrebsOnSecurity, the attack was so severe that Akamai, which was providing pro-bono protection at the time, requested Krebs to leave their service because the massive traffic was affecting their paying customers.

The Mirai incident became a watershed moment in cybersecurity history, demonstrating how vulnerable even well-protected sites could be to massive botnets comprised of compromised IoT devices. This latest attack, at 6.3 terabits per second, demonstrates a dramatic escalation in the firepower available to threat actors.

Technical Implications

The sheer volume of the attack—6.3 trillion bits of data per second—reveals the growing sophistication of botnet infrastructures. Security professionals are particularly concerned that this was described as a “test run,” suggesting the attackers were merely demonstrating capabilities rather than mounting a sustained assault.

Cybersecurity experts point to the increasing vulnerability created by the proliferation of poorly secured Internet of Things devices. These networked devices, often shipping with default passwords and minimal security protections, can be easily compromised and harnessed into massive botnets capable of overwhelming even robust defense systems.

Industry Response

The targeting of a prominent security journalist highlights the risks faced by those who expose cybercriminal operations. Brian Krebs has long been a target for hackers due to his investigations into cybercrime, and this latest attack demonstrates that threat actors continue to view his platform as a high-value target.

Google’s Project Shield, which successfully defended against this massive attack, represents an important industry response to protect journalists and security researchers who often find themselves in the crosshairs of sophisticated threat actors.

As reported by Cyber Daily Australia, this incident reinforces the growing concerns about critical infrastructure vulnerability to digital attacks of this magnitude. While KrebsOnSecurity remained accessible thanks to robust protection services, the incident serves as a stark reminder of the evolving threat landscape and the need for continued vigilance and investment in defensive capabilities across the digital ecosystem.