Vulnerability alert: Protecting Against the Newest DDoS Threat
In the ever-evolving landscape of cyber threats, the HTTP/2 Rapid Reset Vulnerability has emerged as a significant player in recent record-setting Distributed Denial-of-Service (DDoS) attacks. Amazon Web Services (AWS), Cloudflare, and Google have recently confronted these attacks, urging businesses to be vigilant and proactive.
Understanding the Threat:
HTTP/2 is a revolutionary protocol designed to optimize user experience by multiplexing several requests over a single TCP connection. While this is advantageous for speedy web browsing, a zero-day vulnerability has been discovered in it. This flaw, termed HTTP/2 Rapid Reset, is used by threat actors to unleash a deluge of requests, rapidly opening and canceling them, rendering targeted servers helpless.
The severity? At its peak, Google’s infrastructure faced a massive 398 million requests per second (RPS). In similar attacks, AWS and Cloudflare observed RPS rates of 155 million and 201 million respectively.
The mechanism? The threat actor sends a barrage of requests for multiple streams and immediately sends a reset for each of those requests. The server, working diligently, processes each request, generating logs for a request that’s then canceled by the client.
Mitigating the Risk:
- Awareness: Recognize the scale of this vulnerability. It can be exploited using relatively small botnets, with Cloudflare noting attacks from as few as 20,000 machines.
- Limit Concurrent Streams: Adjust server configurations to restrict the number of concurrent streams. For instance, F5 recommends limiting concurrent streams to 128 and persisting HTTP connections for up to 1000 requests.
- Monitor Traffic Patterns: Keep an eye out for patterns that resemble the Rapid Reset attack, like a sudden surge of request initiation and termination.
- Stay Updated: Ensure that all systems and protocols are updated to the latest versions. Vendors frequently release patches and updates to address emerging vulnerabilities.
- Engage a Security Team: Employ or consult with a cybersecurity team to regularly audit and assess vulnerabilities in your systems.
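To make the "Monitor Traffic Patterns" item concrete, here is an added detection sketch (not code from this page or from any vendor named above) that flags connections whose streams are opened and cancelled almost immediately. It assumes a proxy or packet capture that exports per-frame events as (timestamp, connection id, frame type, stream id); the function names, thresholds and sample data are hypothetical and constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune against your own baseline traffic.
WINDOW_S = 1.0         # sliding window length in seconds
MAX_RESETS = 100       # rapid client resets tolerated per connection per window
MIN_RESET_RATIO = 0.9  # share of opened streams that were rapidly cancelled
QUICK_CANCEL_S = 0.05  # RST_STREAM this soon after HEADERS counts as "rapid"

def find_rapid_reset(events):
    """events: time-ordered (ts, conn_id, frame_type, stream_id) tuples.
    Returns {conn_id: timestamp at which the connection was first flagged}."""
    opened_at = defaultdict(dict)  # conn -> {stream_id: HEADERS timestamp}
    opens = defaultdict(deque)     # conn -> HEADERS timestamps in the window
    resets = defaultdict(deque)    # conn -> rapid-reset timestamps in the window
    flagged = {}
    for ts, conn, ftype, sid in events:
        if ftype == "HEADERS":
            opened_at[conn][sid] = ts
            opens[conn].append(ts)
        elif ftype == "RST_STREAM":
            start = opened_at[conn].pop(sid, None)
            if start is not None and ts - start <= QUICK_CANCEL_S:
                resets[conn].append(ts)
        else:
            continue  # other frame types do not affect the counters
        for q in (opens[conn], resets[conn]):  # expire entries outside the window
            while q and ts - q[0] > WINDOW_S:
                q.popleft()
        n_open, n_reset = len(opens[conn]), len(resets[conn])
        if (conn not in flagged and n_reset > MAX_RESETS
                and n_reset >= MIN_RESET_RATIO * n_open):
            flagged[conn] = ts
    return flagged

def sample_events():
    """Constructed sample: connection 'A' behaves like a browser, connection
    'B' opens 500 streams and cancels each one 0.5 ms later."""
    ev = [(i * 0.05, "A", "HEADERS", 2 * i + 1) for i in range(20)]
    ev.append((0.30, "A", "RST_STREAM", 3))  # one slow, legitimate cancel
    for i in range(500):
        t = i * 0.001
        ev.append((t, "B", "HEADERS", 2 * i + 1))
        ev.append((t + 0.0005, "B", "RST_STREAM", 2 * i + 1))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    print(find_rapid_reset(sample_events()))
```

A flagged connection is a candidate for closing or rate limiting at the proxy; in production the per-stream state should also be dropped when a stream ends normally so memory stays bounded.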
Act Now, Stay Protected:
HTTP/2 is widely adopted, with 35.6% of websites using it. Therefore, the potential scale of exploitation is vast. With cyber adversaries constantly evolving their tactics, staying one step ahead is crucial.
Info System Consultants is here to guide and protect businesses in this challenging cybersecurity landscape. Reach out to us for a comprehensive assessment and ensure that your organization is shielded against such sophisticated threats.