Unprecedented 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Vulnerability
October 26, 2023
Cloudflare has reported an unprecedented series of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently revealed vulnerability known as HTTP/2 Rapid Reset. This flaw (CVE-2023-44487) was disclosed earlier this month. Among the thousands of attacks, 89 surpassed a staggering 100 million requests per second (RPS).
This surge in attacks has led to a 65% increase in HTTP DDoS attack traffic in Q3 compared to the previous quarter. Layer 3 and Layer 4 (L3/4) DDoS attacks also saw a 14% increase. The total number of HTTP DDoS attack requests in the quarter skyrocketed to 8.9 trillion, a significant rise from 5.4 trillion in Q2 2023 and 4.7 trillion in Q1 2023. Q4 2022 saw a total of 6.5 trillion attack requests.
The HTTP/2 Rapid Reset flaw has been utilized by an unknown threat actor to orchestrate DDoS attacks against various providers including Amazon Web Services (AWS), Cloudflare, and Google Cloud. Fastly, another provider, reported countering a similar attack that peaked at about 250 million RPS and lasted roughly three minutes.
According to Cloudflare, 'Botnets that leverage cloud computing platforms and exploit HTTP/2 are able to generate up to x5,000 more force per botnet node.' This increased power allowed the botnets, which ranged from 5-20 thousand nodes, to launch hyper-volumetric DDoS attacks.
Industries most targeted by HTTP DDoS attacks include gaming, IT, cryptocurrency, computer software, and telecom. The U.S., China, Brazil, Germany, and Indonesia were the biggest sources of application layer (L7) DDoS attacks while the U.S., Singapore, China, Vietnam, and Canada were the primary targets.
For the second consecutive quarter, DNS-based DDoS attacks were the most common, accounting for almost 47% of all attacks, a 44% increase compared to the previous quarter. SYN floods were the second most common, followed by RST floods, UDP floods, and Mirai attacks.
Interestingly, there has been a decrease in ransom DDoS attacks. Cloudflare attributes this to threat actors realizing that organizations are not willing to pay the ransoms.
This information comes in the wake of internet traffic fluctuations and a surge in DDoS attacks following the Israel-Hamas conflict, with Cloudflare successfully defending several attack attempts on Israeli and Palestinian websites.
Related News
- CISA Identifies Five Newly Exploited Vulnerabilities in Popular Software
- Record-Breaking DDoS Attacks Exploit New 'HTTP/2 Rapid Reset' Zero-Day Vulnerability
Latest News
- Russian APT28 Hackers Breach Critical Networks in France
- Russian Hackers Exploit Roundcube Zero-Day to Target European Governments
- VMware Addresses Critical Code Execution Vulnerability in vCenter Server
- Rockwell Automation Alerts Customers of Cisco Zero-Day Impacting Stratix Switches
- VMware Alerts Users to Public Exploit for vRealize RCE Vulnerability
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.