Technology companies Google, Microsoft, Amazon and Cloudflare have said that they have mitigated the largest known Distributed Denial-of-Service (DDoS) cyber attack that could have disrupted a number of services offered by these companies.
All four companies wrote in their respective blog posts that the novel zero-day vulnerability is dubbed “HTTP/2 Rapid Reset.”
To mitigate the flaw in HTTP/2 – a newer version of the HTTP network protocol – the companies developed technology and added protections to further mitigate similar attacks.
DDoS is a type of cyber attack wherein criminals overwhelm targeted servers with a large number of illegitimate data requests, making it impossible for legitimate web traffic to get through and taking the servers offline.
What Google has to say
According to Google, the attack peaked in August 2023, and the company stopped the attacks – over 398 million requests per second – which were more than seven times the size of the previous record-breaking attack thwarted last year.
The company said only two minutes of one such attack “generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.”
It also said that software patches and updates for common web servers and programming languages may be available to apply now or in the near future.
‘Rapid Reset’ powerful cyberattack enabler: Cloudflare
Cloudflare said that “Rapid Reset” provides threat actors with a powerful new way to attack victims across the Internet at an order of magnitude larger than anything the Internet has seen before. Cloudflare said the attack was “three times larger than any previous attack we’ve observed.”
“Successfully mitigating this threat for every critical infrastructure organisation, customer, and the Internet at-large is the lifeblood of what Cloudflare stands for. We are one of the only companies equipped to identify and address threats of this magnitude, at the speed required to maintain the integrity of the Internet,” said Matthew Prince, CEO at Cloudflare.
Amazon confirmed it was targeted with ‘new’ DDoS attack
The Amazon Web Services (AWS) division also confirmed being targeted by “a new type of distributed denial of service (DDoS) event.” The company said that AWS detected the attack and has been protecting customer applications since late August.
“Between August 28 and August 29, 2023, proactive monitoring by AWS detected an unusual spike in HTTP/2 requests to Amazon CloudFront, peaking at over 155 million requests per second (RPS),” Amazon said.
Microsoft rolls out security updates
Microsoft said that it was notified by industry partners about a newly identified DDoS attack technique being used in the wild targeting the HTTP/2 protocol in September. The company said it has rolled out protections in Microsoft Security Updates released on October 10.