New Wave of DDoS Attacks: Understanding the ‘HTTP/2 Rapid Reset’ Zero-Day Technique


Introduction

Distributed Denial of Service (DDoS) attacks have been a persistent threat in the cybersecurity landscape. However, a new technique called ‘HTTP/2 Rapid Reset’ has emerged, setting unprecedented records in the scale and impact of DDoS attacks. This article delves into the details of this zero-day technique, its implications, and how businesses can safeguard themselves.

The Zero-Day Technique

The ‘HTTP/2 Rapid Reset’ technique exploits a zero-day vulnerability tracked as CVE-2023-44487. It abuses the stream cancellation feature of the HTTP/2 protocol. In a typical attack, the malicious actor continuously sends HTTP/2 requests and cancels them, overwhelming the target server and forcing it into a Denial of Service (DoS) state.

Record-Breaking Attacks

Major cloud service providers like Amazon Web Services, Cloudflare, and Google have reported mitigating attacks of unprecedented scale. Google reported a record-breaking 398 million requests per second (rps), while Cloudflare and Amazon reported 201 million rps and 155 million rps, respectively.

Mitigation Strategies

Cloudflare has employed a system called ‘IP Jail’ to handle these hyper-volumetric attacks. Amazon and Google have also taken steps to mitigate the impact, although specific details are not disclosed. The general recommendation is to use all available HTTP-flood protection tools and bolster DDoS resilience with multifaceted mitigations.
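As an added example (not from the original article, and not Cloudflare's ‘IP Jail’ or any provider's actual mitigation), the Python detector below tracks, per connection, streams that are cancelled almost immediately after being opened, which is the send-and-cancel pattern described above, and flags connections that exceed a threshold. The event tuple format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class RapidResetDetector:
    """Flags connections whose streams are opened and cancelled almost at once."""

    def __init__(self, window=1.0, max_rapid_resets=100, rapid_after=0.05):
        # All three limits are assumed values; tune them against real traffic.
        self.window = window                      # seconds of history kept per connection
        self.max_rapid_resets = max_rapid_resets  # tolerated rapid cancels per window
        self.rapid_after = rapid_after            # cancel this soon after HEADERS = "rapid"
        self.opened = defaultdict(dict)           # conn -> {stream_id: time HEADERS seen}
        self.resets = defaultdict(deque)          # conn -> times of rapid RST_STREAMs

    def observe(self, ts, conn, frame, stream_id):
        """Feed one client frame event; True means the connection should be closed."""
        streams, resets = self.opened[conn], self.resets[conn]
        if frame == "HEADERS":
            streams[stream_id] = ts
        elif frame == "RST_STREAM":
            opened_at = streams.pop(stream_id, None)
            if opened_at is not None and ts - opened_at <= self.rapid_after:
                resets.append(ts)
        elif frame == "END_STREAM":               # event name for a stream that completed
            streams.pop(stream_id, None)          # (END_STREAM is a flag, not a frame type)
        while resets and ts - resets[0] > self.window:
            resets.popleft()                      # drop cancels older than the window
        return len(resets) > self.max_rapid_resets

def constructed_events():
    """Constructed sample: (time_s, connection, frame_type, stream_id) tuples."""
    events = []
    for i in range(500):   # conn-A: every stream cancelled 0.5 ms after it is opened
        events.append((i * 0.001, "conn-A", "HEADERS", 2 * i + 1))
        events.append((i * 0.001 + 0.0005, "conn-A", "RST_STREAM", 2 * i + 1))
    for i in range(20):    # conn-B: ordinary client, two late user-initiated cancels
        events.append((i * 0.02, "conn-B", "HEADERS", 2 * i + 1))
        kind = "RST_STREAM" if i in (3, 7) else "END_STREAM"
        events.append((i * 0.02 + 0.3, "conn-B", kind, 2 * i + 1))
    return sorted(events)

def flagged_connections(events, **limits):
    """Return the set of connections the detector would close."""
    detector = RapidResetDetector(**limits)
    return {conn for ts, conn, frame, sid in events if detector.observe(ts, conn, frame, sid)}

if __name__ == "__main__":
    print(flagged_connections(constructed_events()))
```

Cancels that arrive long after the request was opened, such as a user navigating away, are not counted, so ordinary clients stay below the threshold.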

Implications and Future Outlook

The scale of these attacks is alarming, especially considering they have been executed using relatively small botnets. As threat actors employ more expansive botnets, HTTP/2 Rapid Reset attacks are expected to keep setting new records.

Conclusion

The ‘HTTP/2 Rapid Reset’ zero-day technique has set a new benchmark for DDoS attacks. While cloud service providers are actively working on mitigation strategies, businesses must also take proactive steps to protect themselves from these evolving threats.


admin
