Over the weekend, Central Oregon became the target of a coordinated, large-scale distributed denial-of-service (DDoS) attack attributed to the Aisuru botnet. The attack generated sustained traffic peaks reaching approximately 20 terabits per second, placing it among the larger volumetric events observed in the region to date.

Thanks to the defensive architecture and monitoring systems in place at Bend Cloud, customer impact was limited, and overall downtime remained minimal.

What Happened

The attack began as a rapid escalation of malformed and amplified traffic patterns targeting multiple services hosted in Central Oregon. The traffic profile was consistent with modern botnet behavior: globally distributed sources, rapid vector switching, and aggressive attempts to overwhelm both network and application layers.

While the scale of the attack was significant, it was not unexpected. As regional infrastructure continues to grow, so does its visibility—and attractiveness—to adversaries testing new botnet capabilities.

How Our Systems Responded

Bend Cloud’s infrastructure is designed with the assumption that large-scale attacks are not a question of if, but when. Our DDoS mitigation strategy combines several layers:

• Always-on traffic scrubbing at the edge
• Real-time anomaly detection based on behavioral baselines
• Automated rate limiting and filtering for volumetric and protocol-level attacks
• Upstream coordination with network partners to absorb and diffuse attack traffic

As traffic volumes increased, mitigation rules were automatically enforced within seconds. While some services experienced brief latency spikes during the initial surge, the majority of customer workloads continued operating normally throughout the event.

Impact and Results

• Peak observed traffic: ~20 Tbps
• Duration: Sustained attack with multiple escalation phases
• Customer downtime: Limited and localized
• Data integrity: No loss or compromise
• Infrastructure status: Stable throughout the event

In short, the attack tested our systems exactly as intended—and they performed accordingly.

Why This Matters

Events like this serve as a reminder that cybersecurity is no longer an abstract concern reserved for major metropolitan areas. Regional data centers, ISPs, and cloud providers are increasingly targeted as attackers look for new surfaces to probe.

Preparedness is not about reacting faster after an incident—it is about building systems that remain resilient under pressure. This incident validated years of architectural decisions centered on redundancy, automation, and proactive defense.

Moving Forward

Following the attack, our engineering team conducted a full post-event analysis to further refine detection thresholds and response automation. While the outcome was successful, continuous improvement is essential in an environment where attack tools evolve rapidly.

We remain committed to providing secure, resilient infrastructure for Central Oregon and beyond—and to sharing transparency when events like this occur.

If you have questions about our security posture or would like to discuss additional protection for your workloads, our team is always available.

— Bend Cloud Engineering

---