Google, Cloudflare, and Amazon Web Services were able to avert record-breaking layer 7 distributed denial-of-service attacks leveraging the new HTTP/2 Rapid Reset technique that peaked at 398 million, 201 million, and 155 million requests per second, respectively, reports The Hacker News.
Such a technique involves a zero-day vulnerability in the HTTP/2 protocol, which could be exploited to enable quick requests and resets in various HTTP/2 connections that could disrupt overwhelmed websites, according to AWS researchers Tom Scholl and Mark Ryland.
Numerous iterations of Rapid Reset attacks were observed by Google Cloud researchers, who noted that newer versions were more efficient despite being less effective than the original variant.
The emergence of DDoS attacks using the Rapid Reset technique should prompt immediate strengthening of HTTP/2 defenses, said Cloudflare Chief Security Officer Grant Bourzikas.
"After today, threat actors will be largely aware of the HTTP/2 vulnerability; and it will inevitably become trivial to exploit and kick off the race between defenders and attacks first to patch vs. first to exploit," Bourzikas added.
Cloud Security, Security Staff Acquisition & Development
Record-breaking DDoS attacks facilitated by novel technique thwarted
Share
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news