October 10, 2023 at 03:35PM
A new zero-day attack named “HTTP/2 Rapid Reset” exploited a security vulnerability to produce a record-breaking distributed denial-of-service (DDoS) flood. The attack targeted cloud and Internet infrastructure providers and lasted for minutes. It used a bug in the HTTP/2 protocol, which is used by about 60% of web applications. Amazon Web Services, Cloudflare, and Google Cloud undertook mitigation efforts, but organizations should still proactively patch their HTTP/2 instances to protect against this threat. The attack overwhelms websites by generating and canceling hundreds of thousands of HTTP/2 requests simultaneously. It peaked at over 201 million requests per second, significantly surpassing previous DDoS attacks. Despite initial mitigations, attacks using this bug continue. Organizations need to apply patches and prepare for DDoS attacks, which remain a significant threat in the cybersecurity landscape.
Key takeaways:
1. An Internet-wide security vulnerability called “HTTP/2 Rapid Reset” led to a massive distributed denial-of-service (DDoS) attack that surpassed any previous attack in scale.
2. The attack targeted cloud and Internet infrastructure providers and took place over August 28-29.
3. The attackers exploited a bug in the HTTP/2 protocol, which is used in approximately 60% of all Web applications.
4. Amazon Web Services, Cloudflare, and Google Cloud observed the attack and collaborated with other vendors to minimize its impact.
5. The attack involves making a large number of HTTP/2 requests and immediately canceling them, overwhelming websites and knocking them offline.
6. During the peak of the attack, Cloudflare saw over 201 million requests per second, triple the size of the previous record.
7. Google and AWS also experienced significantly high request volumes during the attack.
8. Despite mitigations put in place, attackers continue to launch DDoS attempts using the bug.
9. Organizations that use HTTP-based workloads or operate HTTP/2-capable servers should patch their systems.
10. While the Rapid Reset attacks haven’t had a critical impact, they highlight the need for organizations to be proactive in their security measures and adopt an assume-breach mindset.
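The pattern in takeaway 5, many requests opened and immediately canceled, can be spotted per connection by comparing stream opens with near-instant cancels. The following is an added example, not code from the article or from any vendor; the frame-log format, connection names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed frame log, one event per line: '<ms> <conn> <stream> <frame>'."""
    lines = []
    for i in range(5):    # connA: ordinary client, five requests
        lines.append(f"{i * 200} connA {2 * i + 1} HEADERS")
    lines.append("950 connA 9 RST_STREAM")   # one late cancel, 150 ms after open
    for i in range(100):  # connB: every stream canceled 1 ms after it is opened
        lines.append(f"{i * 2} connB {2 * i + 1} HEADERS")
        lines.append(f"{i * 2 + 1} connB {2 * i + 1} RST_STREAM")
    return sorted(lines, key=lambda ln: int(ln.split()[0]))

def rapid_reset_connections(lines, cancel_ms=50, window_ms=1000,
                            min_rapid=50, min_ratio=0.8):
    """Return {conn: details} for connections whose streams are mostly
    canceled within cancel_ms of being opened (thresholds are illustrative)."""
    opened_at = {}                  # (conn, stream) -> time HEADERS was seen
    opens = defaultdict(deque)      # conn -> open times inside the window
    rapid = defaultdict(deque)      # conn -> rapid-cancel times inside the window
    flagged = {}
    for line in lines:
        ts, conn, stream, frame = line.split()
        ts = int(ts)
        if frame == "HEADERS":
            opened_at[(conn, stream)] = ts
            opens[conn].append(ts)
        elif frame == "RST_STREAM":
            start = opened_at.pop((conn, stream), None)
            if start is not None and ts - start <= cancel_ms:
                rapid[conn].append(ts)
        else:
            continue
        for q in (opens[conn], rapid[conn]):   # expire events older than the window
            while q and q[0] <= ts - window_ms:
                q.popleft()
        n_open, n_rapid = len(opens[conn]), len(rapid[conn])
        if (conn not in flagged and n_rapid >= min_rapid
                and n_rapid >= min_ratio * n_open):
            flagged[conn] = {"at_ms": ts, "opened": n_open, "rapid_cancels": n_rapid}
    return flagged

if __name__ == "__main__":
    print(rapid_reset_connections(build_sample()))
```

On the constructed log only `connB` is flagged; `connA`, which cancels one request 150 ms after opening it, is not. A connection flagged this way is a candidate for closing or rate limiting at the server or proxy.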
Full Article – https://ift.tt/m7ERoZK