Three Days of Critical Threats and Record-Breaking Attacks
This weekend brought us a perfect storm of cybersecurity chaos: record-breaking DDoS attacks hitting 22.2 Tbps, major European airports crippled by ransomware, and a critical vulnerability with a perfect 10.0 CVSS score. If you're wondering whether your organization is ready for what's coming next, keep reading.
The Big Picture: When "Unprecedented" Becomes the New Normal
As someone who's been troubleshooting enterprise security incidents for over two decades, I can tell you that this past weekend felt different. We didn't just see isolated incidents—we witnessed the convergence of several attack vectors that represent the new reality of cybersecurity in 2025.
What made this weekend extraordinary:
- Scale: A DDoS attack that redefined "massive" at 22.2 terabits per second
- Impact: Critical infrastructure (airports) brought to manual operations
- Severity: A vulnerability scoring the maximum 10.0 on the CVSS scale
- Sophistication: Supply chain attacks targeting major security vendors
Let's break down what happened, why it matters to your organization, and what you need to do about it.
The Record-Breaking DDoS Attack That Broke the Internet (Almost)
What Happened
Cloudflare mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps) over the weekend. To put this in perspective, that's roughly equivalent to the entire internet traffic of a small country being directed at a single target.
The Expert Angle Everyone's Missing
While headlines focus on the record-breaking numbers, here's what 20+ years of network administration tells me: This wasn't just about size—it was about precision. The attackers didn't just throw everything at the wall; they orchestrated a multi-vector assault that tested every layer of modern DDoS protection.
The technical implications:
- Traditional rate-limiting becomes useless at these volumes
- Content delivery networks face unprecedented stress testing
- Legacy infrastructure simply cannot handle this scale
- Even "DDoS-protected" services may have blind spots
What This Means for Your Business
If you're running on traditional hosting or haven't stress-tested your DDoS protection recently, you're essentially flying blind. The question isn't if you'll face a volumetric attack, but when—and whether your current defenses can handle even a fraction of what we saw this weekend.
Immediate action items:
- Audit your DDoS protection: If you're relying on basic firewalls or entry-level cloud protection, it's time to upgrade
- Test your failover procedures: When was the last time you simulated a complete service outage?
- Review your incident response timeline: At these attack volumes, every second counts
European Airports Grounded by Ransomware Reality Check
The Collins Aerospace Nightmare
A cyberattack targeting Collins Aerospace's MUSE (Multi-User System Environment) software disrupted check-in systems across several major European airports, leading to widespread delays, flight cancellations, and manual fallback operations. With the airports' electronic systems down, only manual check-in and boarding were possible.
Why This Attack Succeeded (And Why It Matters)
Having implemented systems for clients in transportation and logistics, I can tell you exactly why this attack was so devastating: single points of failure in critical supply chains.
Collins Aerospace provides the backbone software that multiple airports depend on for:
- Passenger check-in systems
- Boarding pass generation
- Baggage handling integration
- Flight dispatch operations
When one vendor's system goes down, it creates a cascading failure across an entire industry segment.
The Hidden Supply Chain Risk
Here's what's particularly concerning: Most organizations have no idea how dependent they are on third-party software providers. Your business continuity plan might account for your own systems failing, but what happens when your vendor gets hit?
Questions every IT director should ask:
- How many critical business processes rely on a single vendor's software?
- What's your recovery time objective when third-party services fail?
- Do you have offline/manual procedures that actually work?
- When did you last test business continuity with external dependencies unavailable?
The Perfect 10 Vulnerability That Demands Immediate Attention
CVE-2025-10035: When Scoring Gets Serious
Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection. A CVSS score of 10.0 is rare—it means an unauthenticated attacker can potentially execute arbitrary commands on the target system with minimal complexity.
What "Deserialization Vulnerability" Really Means
Let me translate this from security-speak: an attacker sends specially crafted data to an application, and when the application rebuilds objects from that data it ends up running code the attacker chose. No username, no password, no insider access required.
Why deserialization attacks are so dangerous:
- They often bypass traditional security controls
- Detection is difficult without specialized monitoring
- The impact is immediate and severe
- Automated exploitation tools are readily available
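The page does not name the affected product or its language, so the following added example (not the page's code, and not the product behind CVE-2025-10035) uses Python's pickle as a stand-in to show the two controls the list above calls for: an allowlisting deserializer that refuses any class or callable the application does not expect, and a static pre-screen that lists what a stream would resolve so unexpected names can be logged as an attack indicator (the "detection for deserialization attacks" item in the 30-day plan below). The SAFE_GLOBALS allowlist and the inputs are constructed assumptions.

```python
import io
import pickle
import pickletools

# Allowlist of (module, name) pairs the application legitimately deserializes.
# Constructed for this example; derive a real one from the application's data model.
SAFE_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Enforcement point: every class or callable a pickle stream references is
    resolved through find_class(), so refusing unknown names here is what stops
    the deserializer from handing control to attacker-chosen code."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def referenced_globals(data: bytes):
    """Detection: list every module.name the stream would resolve, WITHOUT loading it.
    Walks the opcodes statically, so it is safe to run on untrusted input and
    suitable for logging/alerting. Heuristic for STACK_GLOBAL: the two most recent
    string pushes are taken as module and name (true for pickler-generated streams)."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                       # protocols 0-3: "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name in ("UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"):
            strings.append(arg)
        elif op.name == "STACK_GLOBAL":               # protocol 4+: names pushed just before
            if len(strings) < 2:
                raise ValueError("malformed stream: STACK_GLOBAL without module/name")
            found.append((strings[-2], strings[-1]))
    return found


def safe_loads(data: bytes):
    """Pre-screen for unexpected globals (log these as an attack indicator),
    then load through the restricted unpickler, which enforces the same rule."""
    unexpected = [g for g in referenced_globals(data) if g not in SAFE_GLOBALS]
    if unexpected:
        raise ValueError(f"rejected deserialization: unexpected globals {unexpected}")
    return RestrictedUnpickler(io.BytesIO(data)).load()
```

The pre-screen is a monitoring aid; `find_class` is the control that actually blocks, so keep both even when the pre-screen is skipped for performance.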
The Business Impact Timeline
Based on my experience with similar vulnerabilities:
- Hour 1-24: Proof-of-concept exploits appear online
- Day 2-7: Automated scanners begin targeting vulnerable systems
- Week 2-4: Widespread exploitation by opportunistic attackers
- Month 2+: Advanced persistent threats incorporate into their toolkits
If your organization uses the affected software, you have a narrow window to patch before this becomes a serious business risk.
The CrowdStrike Supply Chain Wake-Up Call
When Security Vendors Become Targets
An ongoing supply chain attack has compromised multiple npm packages published by CrowdStrike, extending a malicious campaign known as the "Shai-Hulud attack". While CrowdStrike quickly responded and confirmed their main Falcon platform wasn't affected, this incident highlights a disturbing trend: attackers are increasingly targeting the security tools we depend on.
The Developer Trust Problem
Here's the scary part: Most development teams automatically trust packages from reputable sources like CrowdStrike. When those sources get compromised, the malicious code can spread through development environments, CI/CD pipelines, and ultimately into production systems.
What this means for your development practices:
- Package verification processes need immediate review
- Developer workstation security requires enhanced monitoring
- CI/CD pipeline integrity checks are no longer optional
- Incident response plans must include supply chain compromise scenarios
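One concrete form of the "package verification" and "CI/CD pipeline integrity checks" items above, as an added example that is neither the page's nor CrowdStrike's code: check the tarballs a build actually consumes against the SRI `integrity` pins recorded in a lockfile v2/v3 `packages` map. The lockfile layout is npm's; the package names, tarball bytes and `sri_for` fixture helper are constructed assumptions.

```python
import base64
import hashlib
import hmac


def parse_sri(integrity: str):
    """Split an SRI string ('sha512-<b64> sha256-<b64> ...') into (algorithm, digest) pairs."""
    pairs = []
    for token in integrity.split():
        algo, b64 = token.split("-", 1)
        pairs.append((algo, base64.b64decode(b64)))
    return pairs


def tarball_matches(tarball: bytes, integrity: str) -> bool:
    """True if the tarball's digest matches one of the pinned hashes (constant-time compare)."""
    for algo, expected in parse_sri(integrity):
        if algo not in hashlib.algorithms_available:
            continue                      # an unknown algorithm cannot vouch for anything
        actual = hashlib.new(algo, tarball).digest()
        if hmac.compare_digest(actual, expected):
            return True
    return False


def verify_lockfile(lock: dict, fetched: dict) -> list:
    """Check each dependency in a parsed package-lock.json (v2/v3 'packages' map) against
    the bytes actually fetched (`fetched` maps package path -> tarball bytes).
    Returns (path, finding) tuples; an empty list means every pin was satisfied."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":                    # root project entry, no tarball
            continue
        integrity = meta.get("integrity")
        if not integrity:
            findings.append((path, "no integrity pin"))
        elif path not in fetched:
            findings.append((path, "not fetched"))
        elif not tarball_matches(fetched[path], integrity):
            findings.append((path, "integrity mismatch"))
    return findings


def sri_for(data: bytes) -> str:
    """Constructed fixture helper: the SRI pin npm would record for these bytes."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()
```

This catches a tarball that differs from what the lockfile pinned before the compromise; it cannot flag a malicious version that was pinned afterwards, which is why a committed, reviewed lockfile and install-time `--ignore-scripts` belong alongside it.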
The Convergence Factor: Why These Aren't Isolated Incidents
After analyzing hundreds of security incidents over the years, I've noticed a pattern: major breaches rarely happen in isolation. The events of September 21-23 represent a convergence of attack vectors that create perfect storm conditions:
- Infrastructure under stress (record DDoS attacks)
- Critical systems failure (airport disruptions)
- Maximum impact vulnerabilities (CVSS 10.0 flaws)
- Supply chain compromise (trusted vendor infiltration)
When these factors combine, they create an environment where:
- Incident response teams are overwhelmed
- Normal security procedures break down
- Organizations make rushed decisions
- Attackers have multiple exploitation paths
What Your Organization Needs to Do Right Now
Immediate (Next 48 Hours)
- Patch assessment: Identify any systems affected by CVE-2025-10035
- DDoS protection audit: Test your current DDoS mitigation capabilities
- Supply chain inventory: List all critical third-party dependencies
- Manual procedure verification: Ensure offline/manual processes actually work
Short-term (Next 30 Days)
- Stress test your defenses: Simulate high-volume attacks and system failures
- Enhanced monitoring deployment: Implement detection for deserialization attacks
- Vendor risk assessment: Evaluate single points of failure in your supply chain
- Incident response table-top exercises: Practice coordinated response to multiple simultaneous incidents
Strategic (Next 90 Days)
- Zero-trust architecture evaluation: Reduce dependency on perimeter-based security
- Business continuity plan overhaul: Include supply chain failure scenarios
- Security team capability assessment: Ensure you can handle increased threat volume
- Executive briefing preparation: Quantify risks and required investments
The Bottom Line: Preparation vs. Panic
The cybersecurity landscape of September 2025 is fundamentally different from just five years ago. We're dealing with:
- Attack volumes that can overwhelm traditional defenses
- Supply chain compromises that turn trusted tools into threats
- Critical infrastructure failures that cascade across industries
- Vulnerabilities that provide maximum impact with minimal effort
The organizations that survive and thrive aren't the ones with perfect security—they're the ones with resilient security. They plan for multiple simultaneous failures, they test their assumptions regularly, and they view cybersecurity as a business enabler rather than a compliance checkbox.