There have been ‘thousands’ of hypervolumetric HTTP distributed denial of service (DDoS) attacks in the time since the HTTP/2 Rapid Reset vulnerability was disclosed, a new report of Cloudflare has claimed, adding that 89 of them exceeded 100 million requests per second (rps).
These attacks increased the total number of HTTP DDoS attacks by 65% in the third quarter of the year compared to the second quarter, the company added. “Similarly, L3/4 DDoS attacks have also increased by 14%,” it added.
In raw numbers, there were 8.9 trillion HTTP DDoS attack requests this quarter, compared to 5.4 trillion in the second quarter and 4.7 trillion in the first quarter.
Quick reset
HTTP/2 Rapid Reset is a vulnerability discovered earlier this month when Google security researchers (and others) observed DDoS attacks from previously unseen forces. In the first week of October, Google said it had blocked an attack 7.5 times larger than the largest DDoS incident on record: 398 million rps.
“The most recent wave of attacks began in late August and continues today, targeting major infrastructure providers, including Google services, Google Cloud infrastructure, and our customers,” Google noted at the time.
Cloud computing service provider Fastly also said it blocked an attack with a speed of 250 million rps.
“Botnets that use cloud computing platforms and exploit HTTP/2 can generate up to 5,000 additional power per botnet node,” Cloudflare said. “This allowed them to launch hypervolumetric DDoS attacks with a small botnet spanning between 5 and 20,000 nodes alone.”
The attackers behind these campaigns usually target companies in the gaming, IT, cryptocurrencies, computer software and telecommunications industries. The attackers are mostly located in the US, China, Brazil, Germany and Indonesia, while the victims mainly live in the US, Singapore, China, Vietnam and Canada.
“For the second consecutive quarter, DNS-based DDoS attacks were the most common,” the company said. “Nearly 47% of all attacks were based on DNS, an increase of 44% compared to the previous quarter. SYN floods remain in second place, followed by RST floods, UDP floods and Mirai attacks.”