Massive DDoS Attack Unleashed by ‘HTTP/2 Rapid Reset’ Bug
A groundbreaking zero-day attack called “HTTP/2 Rapid Reset” has exploited an Internet-wide security vulnerability, resulting in the largest-ever distributed denial-of-service (DDoS) event.
This news item delves into the details of this unprecedented attack, its impact, and the steps organizations can take to safeguard their networks.
Key Takeaways on Massive DDoS Attack Unleashed by ‘HTTP/2 Rapid Reset’ Bug:
- Unprecedented DDoS Attack: The “HTTP/2 Rapid Reset” attack, fueled by a zero-day vulnerability, led to an enormous DDoS flood, marking a new chapter in the evolution of DDoS threats.
- High-Severity Vulnerability: The vulnerability, tracked as CVE-2023-44487, carries a high-severity CVSS score of 7.5 out of 10 and affects the widely used HTTP/2 protocol.
- Ongoing Threat: While efforts have been made to mitigate the impact of the Rapid Reset attacks, organizations should remain vigilant and take proactive measures to protect their networks.
Unprecedented DDoS Attack
A groundbreaking DDoS attack, known as “HTTP/2 Rapid Reset,” has exploited an Internet-wide vulnerability, resulting in the largest DDoS event ever recorded.
This attack represents a significant evolution in the DDoS threat landscape, highlighting the need for increased vigilance.
High-Severity Vulnerability
The vulnerability responsible for the attack, CVE-2023-44487, is rated as high severity with a CVSS score of 7.5 out of 10. It affects the HTTP/2 protocol, a fundamental component of how the Internet and most websites operate. HTTP/2 lets browsers request and render the elements of a web page quickly and efficiently.
The attack technique involves flooding a website with hundreds of thousands of HTTP/2 requests and cancelling each one immediately, so the server spends resources on requests the client never waits for. Automated at scale, this pattern overwhelms websites and disrupts their operations, efficiently knocking offline anything that relies on HTTP/2.
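As an added illustration (not from the original news item) of how a defender can spot this pattern in HTTP/2 frame telemetry: a Python check that flags connections whose RST_STREAM cancellations arrive in bursts or make up most of the streams they open. The frame-log format and the thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

# Constructed sample frame log: (timestamp_s, connection_id, frame_type, stream_id).
# Connection "A" is an ordinary browser session with one legitimate cancel;
# connection "B" opens 200 streams and resets each one within a millisecond.
SAMPLE_FRAMES = [
    (0.000, "A", "HEADERS", 1),
    (0.120, "A", "HEADERS", 3),
    (0.450, "A", "RST_STREAM", 3),
    (0.700, "A", "HEADERS", 5),
] + [
    (0.001 * i, "B", "HEADERS", 2 * i + 1) for i in range(200)
] + [
    (0.001 * i + 0.0002, "B", "RST_STREAM", 2 * i + 1) for i in range(200)
]


def analyse(frames, window=1.0, max_resets=100, max_ratio=0.5, min_streams=3):
    """Return {conn_id: stats} for connections showing the Rapid Reset pattern.

    A connection is flagged when it sends more than `max_resets` RST_STREAM
    frames inside any `window` seconds, or when (having opened at least
    `min_streams` streams) it resets more than `max_ratio` of them.
    Thresholds are illustrative assumptions, not values from the article.
    """
    opened = defaultdict(int)      # conn -> HEADERS frames (streams opened)
    resets = defaultdict(int)      # conn -> RST_STREAM frames (streams cancelled)
    recent = defaultdict(deque)    # conn -> reset timestamps inside the window
    burst = defaultdict(int)       # conn -> peak resets seen in one window
    for ts, conn, ftype, _stream_id in sorted(frames):
        if ftype == "HEADERS":
            opened[conn] += 1
        elif ftype == "RST_STREAM":
            resets[conn] += 1
            q = recent[conn]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            burst[conn] = max(burst[conn], len(q))
    flagged = {}
    for conn, n_open in opened.items():
        ratio = resets[conn] / n_open
        if burst[conn] > max_resets or (n_open >= min_streams and ratio > max_ratio):
            flagged[conn] = {"opened": n_open, "resets": resets[conn],
                             "peak_resets_per_window": burst[conn],
                             "ratio": round(ratio, 2)}
    return flagged


if __name__ == "__main__":
    print(analyse(SAMPLE_FRAMES))   # only connection "B" is reported
```

A real deployment would apply the same counters per connection inside the HTTP/2 server or proxy and close connections that trip them, which is the approach the patched servers took.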
Impact and Scale
During the peak of the August campaign, the scale of the attack was staggering. Cloudflare reported seeing over 201 million requests per second (rps), which was triple the size of the previous record-holder for a DDoS attack. Google observed a peak of 398 million rps, and AWS detected a peak of more than 155 million rps directed at the Amazon CloudFront service.
The efficiency of this attack is evident from the fact that it was launched from a relatively small botnet of fewer than 20,000 nodes, yet still produced record-scale disruption.
Ongoing Threat
Despite mitigation efforts by cloud providers and DDoS security vendors, attackers continue to exploit the HTTP/2 Rapid Reset vulnerability. This persistence emphasizes the need for ongoing vigilance and proactive security measures.
Protecting Against Rapid Reset and DDoS Threats
Defending against Rapid Reset and other DDoS threats requires a multi-faceted approach:
- Map the connectivity of your external and partner networks so that Internet-facing systems can be identified and remediated.
- Assess your existing security protections and address any issues in your network.
- Ensure DDoS protection resides outside your data center to effectively mitigate attacks.
- Implement DDoS protection for applications, web servers, and DNS.
- Keep web servers and operating systems fully patched and up to date.
- Consider turning off HTTP/2 and HTTP/3 as a last resort if your network is vulnerable.
Conclusion
The “HTTP/2 Rapid Reset” DDoS attack serves as a stark reminder of the evolving threat landscape and the importance of proactive security measures.
Organizations should assume that their systems will be tested and take steps to ensure their protection.