Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw


October 26, 2023 at 10:06AM

Cloudflare has reported mitigating thousands of distributed denial-of-service (DDoS) attacks that exploited the recently disclosed HTTP/2 Rapid Reset flaw. Among these attacks, 89 exceeded 100 million requests per second. The total number of HTTP DDoS attack requests in Q3 2023 reached 8.9 trillion, representing a significant increase compared to previous quarters. The report also mentions a rise in L3/4 DDoS attacks. The article highlights the industries most targeted by these attacks and the countries that serve as sources and targets. DNS-based attacks were the most common, and ransom DDoS attacks decreased notably.

Key takeaways:

1. Cloudflare reported mitigating thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks.
2. The attacks exploited a recently disclosed flaw called HTTP/2 Rapid Reset.
3. Of these attacks, 89 exceeded 100 million requests per second (RPS).
4. The campaign led to a 65% increase in HTTP DDoS attack traffic in Q3 compared to the previous quarter.
5. L3/4 DDoS attacks also increased by 14%.
6. The total number of HTTP DDoS attack requests surged to 8.9 trillion in the quarter, up from 5.4 trillion in Q2 2023 and 4.7 trillion in Q1 2023.
7. HTTP/2 Rapid Reset (CVE-2023-44487) was the vulnerability leveraged in the attacks.
8. Botnets using cloud computing platforms and exploiting HTTP/2 can generate up to 5,000 times more force per botnet node.
9. Gaming, IT, cryptocurrency, computer software, and telecom industries were targeted the most.
10. The U.S., China, Brazil, Germany, and Indonesia were the biggest sources of application layer (L7) DDoS attacks, while the U.S., Singapore, China, Vietnam, and Canada were the main targets.
11. DNS-based DDoS attacks were the most common, representing almost 47% of all attacks.
12. There was a decrease in ransom DDoS attacks, likely due to threat actors realizing organizations won’t pay.
13. Cloudflare repelled multiple attack attempts aimed at Israeli and Palestinian websites following the Israel-Hamas war.
