Introduction
Distributed Denial of Service (DDoS) attacks have been a persistent threat in the cybersecurity landscape. However, a new technique called ‘HTTP/2 Rapid Reset’ has emerged, setting unprecedented records in the scale and impact of DDoS attacks. This article delves into the details of this zero-day technique, its implications, and how businesses can safeguard themselves.
The Zero-Day Technique
The ‘HTTP/2 Rapid Reset’ technique exploits a zero-day vulnerability identified as CVE-2023-44487. It abuses a feature in the HTTP/2 protocol that allows for stream cancellation. In a typical attack, the malicious actor continuously sends HTTP/2 requests and cancels them, overwhelming the target server and forcing it into a Denial of Service (DoS) state.
Record-Breaking Attacks
Major cloud service providers like Amazon Web Services, Cloudflare, and Google have reported mitigating attacks of unprecedented scale. Google reported a record-breaking 398 million requests per second (rps), while Cloudflare and Amazon reported 201 million rps and 155 million rps, respectively.
Mitigation Strategies
Cloudflare has employed a system called ‘IP Jail’ to handle these hyper-volumetric attacks. Amazon and Google have also taken steps to mitigate the impact, although specific details are not disclosed. The general recommendation is to use all available HTTP-flood protection tools and bolster DDoS resilience with multifaceted mitigations.
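A per-connection detection heuristic for the request-then-cancel pattern described above, as an added example that is not part of the original article or any vendor's mitigation. It counts client HEADERS frames (request opens) that are followed within a short window by a client RST_STREAM frame (the HTTP/2 stream-cancellation frame); the log format, thresholds and function names are assumptions for illustration.

```python
from collections import defaultdict

RESET_WINDOW = 0.05    # assumed: cancel within 50 ms of the request is "rapid"
MIN_STREAMS = 20       # assumed: too few streams on a connection to judge
MAX_RESET_RATIO = 0.8  # assumed: flag when 80% or more streams are rapid cancels

def parse(lines):
    """Yield (time, conn_id, frame_type, stream_id); skip malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def rapid_reset_connections(lines):
    """Return {conn_id: (streams_opened, rapid_resets)} for flagged connections."""
    opened_at = defaultdict(dict)  # conn -> {stream_id: open time, None once reset}
    opened, rapid = defaultdict(int), defaultdict(int)
    for ts, conn, ftype, sid in parse(lines):
        streams = opened_at[conn]
        if ftype == "HEADERS" and sid not in streams:
            streams[sid] = ts
            opened[conn] += 1
        elif ftype == "RST_STREAM" and streams.get(sid) is not None:
            if ts - streams[sid] <= RESET_WINDOW:
                rapid[conn] += 1
            streams[sid] = None  # count each stream's cancellation once
    return {c: (n, rapid[c]) for c, n in opened.items()
            if n >= MIN_STREAMS and rapid[c] / n >= MAX_RESET_RATIO}

def constructed_log():
    """Constructed sample: 'a' browses normally, 'b' opens and cancels at once."""
    lines = []
    for i in range(30):
        sid = 2 * i + 1  # client-initiated stream IDs are odd
        lines.append(f"{i * 0.2:.4f} a HEADERS {sid}")
        if i % 10 == 0:  # occasional legitimate cancel, long after the request
            lines.append(f"{i * 0.2 + 1.5:.4f} a RST_STREAM {sid}")
        lines.append(f"{i * 0.001:.4f} b HEADERS {sid}")
        lines.append(f"{i * 0.001 + 0.0002:.4f} b RST_STREAM {sid}")
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for conn, (n, r) in rapid_reset_connections(constructed_log()).items():
        print(f"connection {conn}: {r}/{n} streams cancelled within {RESET_WINDOW}s")
```

Connection 'a' cancels three streams long after opening them and is not flagged; only the connection whose streams are almost all cancelled right after the request is reported.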
Implications and Future Outlook
The scale of these attacks is alarming, especially considering they have been executed using relatively small botnets. As threat actors employ more expansive botnets, HTTP/2 Rapid Reset attacks are expected to set even greater records.
Conclusion
The ‘HTTP/2 Rapid Reset’ zero-day technique has set a new benchmark for DDoS attacks. While cloud service providers are actively working on mitigation strategies, businesses must also take proactive steps to protect themselves from these evolving threats.