TrollEye Security

Largest DDoS Attack in History Mitigated

In what’s being dubbed a landmark cyber event, Google, Cloudflare, and Amazon Web Services (AWS) have jointly sounded the alarm on a novel zero-day vulnerability called “HTTP/2 Rapid Reset.” This flaw is responsible for the largest Distributed Denial of Service (DDoS) attack ever recorded, which was mitigated by Google Cloud.

The scale of this attack is staggering. At its peak, the DDoS attack hurled 398 million requests per second (RPS) at Google’s digital defenses. To draw a comparison, this two-minute digital blitz generated more requests than Wikipedia experienced throughout September 2023. AWS and Cloudflare were not spared either, grappling with onslaughts peaking at 155 million and 201 million RPS, respectively.

Diving deeper into the mechanics, attackers weaponized a previously unknown weakness in the HTTP/2 protocol—a protocol that underpins nearly 60% of all web applications. Exploiting this loophole, cyber adversaries flooded web infrastructures with a barrage of requests, only to promptly cancel them. Cloudflare CSO, Grant Bourzikas, likened this to a relentless “request, cancel, request, cancel” pattern, overwhelming systems running standard HTTP/2 implementations. The result? Servers across the globe faced potential outages.
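The “request, cancel, request, cancel” pattern is visible per connection as streams that are opened and then reset almost immediately. The following detection sketch is an added example, not code from Google, Cloudflare, or AWS; the event tuple layout, the sample data, and the thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (timestamp_seconds, connection_id, frame_type, stream_id).
# In HTTP/2, HEADERS opens a stream (a request) and RST_STREAM cancels it.
def make_sample():
    events = []
    # Connection "A": ordinary client, 5 requests, one cancelled a second later.
    for i in range(5):
        events.append((i * 0.5, "A", "HEADERS", 2 * i + 1))
    events.append((3.0, "A", "RST_STREAM", 9))
    # Connection "B": 200 requests in one second, each cancelled 1 ms after opening.
    for i in range(200):
        t = i * 0.005
        events.append((t, "B", "HEADERS", 2 * i + 1))
        events.append((t + 0.001, "B", "RST_STREAM", 2 * i + 1))
    return sorted(events)

def flag_rapid_reset(events, max_cancel_age=0.05, window=1.0, threshold=100):
    """Return ids of connections that cancelled more than `threshold` streams
    within `max_cancel_age` seconds of opening them, inside `window` seconds.
    All three limits are illustrative assumptions, not vendor values."""
    opened = defaultdict(dict)   # connection -> {stream_id: time opened}
    recent = defaultdict(deque)  # connection -> times of rapid cancels
    flagged = set()
    for ts, conn, frame_type, stream_id in events:
        if frame_type == "HEADERS":
            opened[conn].setdefault(stream_id, ts)
        elif frame_type == "RST_STREAM":
            t_open = opened[conn].pop(stream_id, None)
            if t_open is None or ts - t_open > max_cancel_age:
                continue  # unknown stream, or an ordinary late cancel
            cancels = recent[conn]
            cancels.append(ts)
            # Keep only the cancels that fall inside the sliding window.
            while cancels and ts - cancels[0] > window:
                cancels.popleft()
            if len(cancels) > threshold:
                flagged.add(conn)
    return flagged

if __name__ == "__main__":
    print(sorted(flag_rapid_reset(make_sample())))
```

A server or proxy that keeps this kind of per-connection counter can close the offending connection instead of continuing to accept new streams on it.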

However, it wasn’t just the sheer magnitude of the attacks that caught attention. The ingenuity of the “Rapid Reset” method, as well as its efficiency, is noteworthy. To put it in perspective, the entire cyber assault was orchestrated using a modest botnet of fewer than 20,000 nodes. As Cloudflare’s analysis points out, the potency of this attack vector, given the size of the botnet, underscores the severity of this newfound vulnerability.

Yet, in the face of adversity, collaboration emerged as the silver lining. As reports of these attacks became public, AWS, Cloudflare, and Google swung into action. These tech behemoths initiated a cross-industry response, pooling intelligence and mitigation tactics. Their collaborative endeavors have borne fruit, yielding patches and mitigation strategies now employed by a plethora of large infrastructure providers.

But the work is far from over. Both organizations and individuals with HTTP-based web offerings are potentially at risk. Immediate patching for CVE-2023-44487, the identifier for this vulnerability, is of paramount importance.

As investigations continue and solutions are deployed, this event underscores the fragile nature of our interconnected digital world and the importance of collaboration in the face of escalating cyber threats.