DDoS attacks are getting bigger and more powerful, and that's a really bad thing

News
By Sead Fadilpašić
published

Since HTTP/2 Rapid Reset was found, DDoS attacks have been getting bigger

DDoS attack
(Image credit: FrameStockFootages / Shutterstock)

There had been “thousands” of hyper-volumetric HTTP distributed denial of service (DDoS) attacks in the time since the HTTP/2 Rapid Reset vulnerability was disclosed, a new report from Cloudflare has claimed, adding that 89 of those exceeded 100 million requests per second (rps). 

Thanks to these attacks, the total amount of HTTP DDoS attacks for the third quarter of the year, compared to Q2, was up 65%, the company added. "Similarly, L3/4 DDoS attacks also increased by 14%,” it added.

In raw numbers, there were 8.9 trillion HTTP DDoS attack requests in the quarter, up from 5.4 trillion in Q2 and 4.7 trillion in Q1.

Rapid reset

HTTP/2 Rapid Reset is a vulnerability that was discovered earlier this month when security researchers from Google (and others) observed DDoS attacks of previously unseen powers. In the first week of October Google said it blocked an attack 7.5 times larger than the largest-ever recorded DDoS incident - 398 million rps.

“The most recent wave of attacks started in late August and continues to this day, targeting major infrastructure providers including Google services, Google Cloud infrastructure, and our customers,” Google noted at the time.

Cloud computing service provider Fastly also said it blocked an attack counting 250 million rps.

"Botnets that leverage cloud computing platforms and exploit HTTP/2 are able to generate up to x5,000 more force per botnet node," Cloudflare said. "This allowed them to launch hyper-volumetric DDoS attacks with a small botnet ranging 5-20 thousand nodes alone."

The attackers behind these campaigns usually target firms in the gaming industry, IT, cryptocurrencies, computer software, and telecommunications industries. The attackers are usually located in the U.S., China, Brazil, Germany, and Indonesia, while the victims reside mostly in the U.S., Singapore, China, Vietnam, and Canada

"For the second consecutive quarter, DNS-based DDoS attacks were the most common," the company said. "Almost 47% of all attacks were DNS-based. This represents a 44% increase compared to the previous quarter. SYN floods remain in second place, followed by RST floods, UDP floods, and Mirai attacks."

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.