There had been “thousands” of hyper-volumetric HTTP distributed denial of service (DDoS) attacks in the time since the HTTP/2 Rapid Reset vulnerability was disclosed, a new report from Cloudflare has claimed, adding that 89 of those exceeded 100 million requests per second (rps).
Thanks to these attacks, the total amount of HTTP DDoS attacks for the third quarter of the year, compared to Q2, was up 65%, the company added. “Similarly, L3/4 DDoS attacks also increased by 14%,” it added.
In raw numbers, there were 8.9 trillion HTTP DDoS attack requests in the quarter, up from 5.4 trillion in Q2 and 4.7 trillion in Q1.
Rapid reset
HTTP/2 Rapid Reset is a vulnerability that was discovered earlier this month when security researchers from Google (and others) observed DDoS attacks of previously unseen powers. In the first week of October Google said it blocked an attack 7.5 times larger than the largest-ever recorded DDoS incident – 398 million rps.
“The most recent wave of attacks started in late August and continues to this day, targeting major infrastructure providers including Google services, Google Cloud infrastructure, and our customers,” Google noted at the time.
Cloud computing service provider Fastly also said it blocked an attack counting 250 million rps.
“Botnets that leverage cloud computing platforms and exploit HTTP/2 are able to generate up to x5,000 more force per botnet node,” Cloudflare said. “This allowed them to launch hyper-volumetric DDoS attacks with a small botnet ranging 5-20 thousand nodes alone.”
The attackers behind these campaigns usually target firms in the gaming industry, IT, cryptocurrencies, computer software, and telecommunications industries. The attackers are usually located in the U.S., China, Brazil, Germany, and Indonesia, while the victims reside mostly in the U.S., Singapore, China, Vietnam, and Canada
“For the second consecutive quarter, DNS-based DDoS attacks were the most common,” the company said. “Almost 47% of all attacks were DNS-based. This represents a 44% increase compared to the previous quarter. SYN floods remain in second place, followed by RST floods, UDP floods, and Mirai attacks.”