HTTP/2 Zero-Day Vulnerability: A New Threat to Businesses of All Sizes

On October 10, 2023, Cloudflare, Google, and Amazon AWS disclosed a new zero-day vulnerability dubbed the “HTTP/2 Rapid Reset” attack. This attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric Distributed Denial of Service (DDoS) attacks.

DDoS attacks are designed to overwhelm a website or server with traffic, making it unavailable to legitimate users. Hyper-volumetric DDoS attacks are particularly dangerous because they can generate massive amounts of traffic, which can be difficult to mitigate even for large companies.

The HTTP/2 Rapid Reset attack works by sending a large number of HTTP/2 requests to a server. The server then sends back a “reset” message, which tells the client to stop sending requests. However, the attacker can keep sending requests even after receiving the reset message. This can cause the server to become overloaded and unavailable.

Researchers have confirmed that the HTTP/2 Rapid Reset vulnerability has been used to launch some of the largest DDoS attacks in history. For example, in October 2023, Cloudflare mitigated a DDoS attack using this vulnerability that peaked at 4.2 terabits per second (Tbps). This is the largest DDoS attack ever recorded.

The HTTP/2 Rapid Reset vulnerability is a serious threat to businesses of all sizes. Even small businesses can be targeted by DDoS attacks, and the consequences of a successful attack can be devastating. Businesses can lose revenue, damage their reputation, and even go out of business as a result of a DDoS attack.

There are a number of things that businesses can do to protect themselves from DDoS attacks, including:

  • Use a web application firewall (WAF): A WAF can help to filter out malicious traffic and protect your website from DDoS attacks.
  • Use a content delivery network (CDN): A CDN can help to distribute your website’s traffic across multiple servers, making it more difficult for attackers to overwhelm your website.
  • Have a DDoS mitigation plan in place: A DDoS mitigation plan should outline the steps that you will take in the event of a DDoS attack. This plan should include contacting your hosting provider and your internet service provider (ISP).

If you are concerned about the HTTP/2 Rapid Reset vulnerability, contact Be Secure Cyber to discuss how to mitigate against attacks like this and safeguard your online presence.

What can you do to protect your business?

In addition to the tips above, there are a number of other things that you can do to protect your business from DDoS attacks, including:

  • Educate your employees about cyber security: Your employees should be aware of the signs of a DDoS attack and know what to do if they suspect that your website is under attack.
  • Keep your software up to date: Software vendors regularly release security updates to fix vulnerabilities. It is important to install these updates as soon as they are available.
  • Use strong passwords: Strong passwords are essential for protecting your website from cyber attacks. Use a password manager to generate and store strong passwords for all of your online accounts.
  • Monitor your website traffic: It is important to monitor your website traffic for any unusual activity. This can help you to identify and respond to DDoS attacks quickly.
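
One way to apply the traffic-monitoring advice to the Rapid Reset pattern specifically, shown as an added example that is not part of the original article: count, per connection, how many HTTP/2 streams are opened and how many are reset within a short window. The log format, the function names and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque

# Constructed sample: "<epoch_seconds> <connection_id> <stream_id> <frame_type>"
# (hypothetical log format; adapt the parser to what your proxy or server emits).
def build_sample():
    lines = []
    # conn-A: 200 streams opened and reset within about one second
    for i in range(200):
        sid = 2 * i + 1
        t = 100.0 + i * 0.005
        lines.append(f"{t:.3f} conn-A {sid} HEADERS")
        lines.append(f"{t + 0.001:.3f} conn-A {sid} RST_STREAM")
    # conn-B: ordinary browsing, 20 requests, one cancelled
    for i in range(20):
        lines.append(f"{100.0 + i * 0.5:.3f} conn-B {2 * i + 1} HEADERS")
    lines.append("103.200 conn-B 13 RST_STREAM")
    return lines

def find_reset_heavy_connections(lines, window=1.0, min_resets=100, min_ratio=0.8):
    """Return {conn_id: (opened, resets)} for connections whose busiest
    window has >= min_resets resets and resets/opened >= min_ratio."""
    events = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("HEADERS", "RST_STREAM"):
            continue  # skip malformed lines and other frame types
        try:
            events[parts[1]].append((float(parts[0]), parts[3]))
        except ValueError:
            continue  # timestamp was not a number
    flagged = {}
    for conn, evs in events.items():
        evs.sort()
        win = deque()  # events inside the current sliding window
        counts = {"HEADERS": 0, "RST_STREAM": 0}
        for ts, kind in evs:
            win.append((ts, kind))
            counts[kind] += 1
            while win and ts - win[0][0] > window:
                counts[win.popleft()[1]] -= 1
            opened, resets = counts["HEADERS"], counts["RST_STREAM"]
            if resets >= min_resets and opened and resets / opened >= min_ratio:
                if resets > flagged.get(conn, (0, 0))[1]:
                    flagged[conn] = (opened, resets)  # keep the worst window
    return flagged

if __name__ == "__main__":
    for conn, (opened, resets) in find_reset_heavy_connections(build_sample()).items():
        print(f"{conn}: {opened} streams opened, {resets} reset in one window")
```

Connections flagged this way are candidates for rate limiting or closing at the proxy; tune the thresholds against your own baseline traffic before alerting on them.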

Contact Be Secure Cyber today and we can help you plan to protect your business against cyber threats.

Links:

https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/

https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack

https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/

(We take no responsibility for the content of external links.)