Technology titans Google, Amazon, and Cloudflare have reportedly navigated what is now known as the largest-ever recorded denial-of-service (DDoS) attack on the internet. This incident has raised concerns over a new vulnerability, labeled CVE-2023-44487, which experts warn could potentially lead to widespread disruptions.
Google revealed in its latest post that its cloud services had withstood an onslaught of rogue traffic exceeding seven times the size of the previous record-breaking attack they thwarted just a year ago. Cloudflare reported that the attack was “three times larger than any previous attack we’ve observed.”
Cloudflare said it thwarted the DDoS attack that surpassed the previous largest-ever attack by 300%, with the peak attack exceeding a staggering 201 million requests per second (RPS). In contrast, Google reported the DDoS attack peaking at a staggering 398 million RPS.
Amazon’s web services division, too, confirmed falling prey to this unprecedented event.
The novel zero-day vulnerability exploit known as “Rapid Reset” makes use of the stream cancellation feature within HTTP/2. This technique involves repeatedly sending a request and promptly canceling it.
By executing this automated sequence of “request, cancel, request, cancel” on a large scale, malicious actors can effectively launch a denial of service attack, potentially disrupting any server or application that utilizes the standard implementation of HTTP/2.
What sets this exploit apart is not just its scale, but its remarkably low resource requirement. Traditional DDoS attacks of this magnitude typically require vast botnets composed of hundreds of thousands to millions of infected computers. However, the HTTP/2 Rapid Reset exploit can unleash attacks three times larger with as few as 20,000 infected computers.
Having detected the earliest signs of these attacks in August, Google promptly implemented additional mitigation strategies and orchestrated a cross-industry response with fellow cloud providers and software maintainers utilizing the HTTP/2 protocol stack. Real-time sharing of intelligence and mitigation methods during the attacks paved the way for the collaborative development of patches and other mitigation techniques, subsequently adopted by numerous major infrastructure providers.
This concerted effort has led to the responsible disclosure of the new attack methodology, highlighting potential vulnerabilities across a wide array of common open-source and commercial proxies, application servers, and load balancers.
Defending against DDoS attacks
This recent development underscores the lowered threshold for hackers to launch devastating DDoS attacks, necessitating heightened vigilance among internet infrastructure providers and users alike.
To defend against DDoS attacks, organizations should first leverage the services of companies offering DDoS protection, which filter out harmful traffic and distribute it across multiple servers. Additionally, implementing rate limiting techniques can help restrict the number of requests a server can handle per second, reducing the impact of potential attacks. Employing traffic filtering tools is crucial in blocking malicious traffic, particularly from known botnets. Finally, embracing load balancing practices distributes traffic across multiple servers, preventing a single server from becoming overwhelmed during an attack.