October 26, 2023 at 09:43AM
Cloudflare has reported a significant increase in hyper-volumetric HTTP DDoS attacks in Q3 2023, surpassing previous years. These attacks overwhelm servers with garbage traffic and exploit a new technique called ‘HTTP/2 Rapid Reset.’ Cloudflare also observed trends in mDNS, CoAP, and ESP attacks, indicating the emergence of new attack strategies. Ransom DDoS attacks, however, have decreased for two consecutive quarters. To defend against these evolving attacks, a comprehensive and multi-layered defense strategy is recommended.
Cloudflare has reported a significant increase in hyper-volumetric HTTP DDoS attacks in the third quarter of 2023 compared to previous years. These attacks involve overwhelming targeted servers with large volumes of garbage traffic or bogus requests, making them unavailable to legitimate visitors.
Cloudflare mitigated thousands of these attacks during Q3 2023, with over 89 attacks exceeding 100 million requests per second. The largest attack peaked at 201 million requests per second, three times larger than the previous record.
These attacks are made possible by exploiting a new technique called ‘HTTP/2 Rapid Reset,’ which threat actors have been using since August 2023. The attacks employ VM-based botnets sized between 5,000 and 20,000 nodes, with each node generating far more traffic than a weak IoT device.
Cloudflare also reports a 65% increase in the aggregated volume of HTTP DDoS attack traffic and a 14% increase in L3/L4 DDoS attacks in the last quarter.
In terms of targets, gaming and gambling entities were the most targeted by HTTP DDoS attacks, followed by IT and internet services, cryptocurrency, software, and telecommunications industries. Application-layer DDoS attacks mostly targeted mining firms, non-profit organizations, pharmaceuticals, and the U.S. Federal government.
The United States received nearly 5% of all HTTP DDoS traffic, followed by Singapore with over 3.1% and China with 2.2%.
Cloudflare has also observed emerging trends in the DDoS landscape, including a significant increase in mDNS attacks (456%), CoAP attacks (387%), and ESP attacks (303%) during Q3 2023. Ransom DDoS attacks, on the other hand, have been declining for two consecutive quarters.
As threat actors continue to adapt and explore new techniques, it is crucial for organizations and security companies to adopt a comprehensive, multi-layered defense strategy to enhance DDoS resilience.