Security News
New DDoS Attack is Record Breaking: HTTP/2 Rapid Reset Zero-Day Reported by Google, AWS & Cloudflare
Find out what security teams should do now, and hear what Cloudflare's CEO has to say about this DDoS. Google, AWS and Cloudflare have reported the exploitation of a zero-day vulnerability named HTTP/2 Rapid Reset and tracked as CVE-2023-44487, which is currently used in the wild to run the largest Distributed Denial of Service attack campaigns ever seen. The HTTP/2 Rapid Reset attack works by leveraging HTTP/2's stream cancellation feature: The attacker sends a request and cancels it immediately.
The method relies on stream multiplexing, a feature of the HTTP/2 protocol that allows multiple HTTP requests to be sent to a server on a single TCP connection. A feature of the protocol's streaming capability is the ability to send a request and soon after cancel that request, an action known as resetting the request's stream.
A Mirai-based DDoS malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others. IZ1H9 compromises devices to enlist them to its DDoS swarm and then launches DDoS attacks on specified targets, presumably on the order of clients renting its firepower.
Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called...
A new DDoS technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.Since late August, Cloudflare has detected and mitigated over a thousand 'HTTP/2 Rapid Reset' DDoS attacks that surpassed 10 million rps, with 184 breaking the previous 71 million rps record.
Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Based on Cloudflare's data, several attacks leveraging Rapid Reset were nearly three times larger than the largest DDoS attack in Internet history.
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of...
Cybercriminals launched approximately 7.9 million DDoS attacks in 1H 2023, representing a 31% year-over-year increase, according to NETSCOUT. Global events like the Russia-Ukraine war and NATO bids have driven recent DDoS attack growth. In 2023, Sweden experienced a similar onslaught around its NATO bid, culminating with a 500 Gbps DDoS attack in May. Overall, ideologically motivated DDoS attacks have targeted the United States, Ukraine, Finland, Sweden, Russia, and multiple other countries.
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. Specifically, the analyst identified two vulnerabilities in the system impacting Cloudflare's "Authenticated Origin Pulls" and "Allowlist Cloudflare IP Addresses."
The distributed nature of IoT devices renders them ideal platforms for these attacks, making it difficult to identify and block malicious traffic and thereby compounding the challenges of DDoS mitigation. Let's discuss how IoT DDoS attacks happen and how new IoT devices join the ranks of bots.