A zero-day vulnerability in the HTTP/2 network protocol, known as HTTP/2 Rapid Reset and tracked as CVE-2023-44487, is currently being exploited to carry out the largest DDoS attacks ever recorded. It affects every organization and individual running servers that expose HTTP/2 to the internet. HTTP/2 is a major revision of the HTTP protocol that improves web application speed and efficiency by multiplexing many requests and responses over a single TCP connection, each on its own stream. Rapid Reset abuses HTTP/2 stream cancellation: the client opens a stream with a HEADERS frame carrying a request and immediately cancels it with an RST_STREAM frame. Because the cancelled stream stops counting against the server's concurrent-stream limit at once, a single connection can open new streams far faster than that limit was meant to allow, while the server still spends CPU and memory on every request it has begun to process. Automated at scale, this becomes a DDoS attack. Google, AWS, and Cloudflare have all reported large attacks, with Google observing a peak of 398 million requests per second.
Cloudflare CEO Matthew Prince stated that this attack requires a relatively small number of bots, between 10,000 and 20,000 nodes, which is concerning considering botnets with hundreds of thousands or millions of nodes are common. The attack has the potential to generate more traffic than the estimated legitimate traffic volume of the entire web, which would overwhelm even the largest organizations without appropriate mitigation. The attack targets an underlying weakness in the HTTP/2 protocol, making any vendor that has implemented HTTP/2 susceptible.
A cross-industry response was coordinated between Google, other cloud providers, and software maintainers to share intelligence and mitigation methods in real time. Vendor patches for CVE-2023-44487 are available and should be deployed promptly. Organizations should also make sure that build pipelines, golden images, and other automation pick up the patched versions, so that older, vulnerable web server builds are not redeployed. Disabling HTTP/2 is a possible mitigation, but it is not recommended for businesses that depend on good web performance. Most organizations can mitigate this attack vector while keeping the advantages of a modern web protocol by patching and by applying the vendor mitigations, which in general limit how many new streams and RST_STREAM cancellations a single client connection may send before the server closes it.
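To make both the mechanism described above and the shape of the mitigation concrete, here is an added example that is not from the original article or from any of the vendors it names. It builds a constructed stream of HTTP/2 frames (RFC 9113 framing only, no TLS and no HPACK decoding), replays it through a small server-side tracker, and shows that the concurrent-stream check (SETTINGS_MAX_CONCURRENT_STREAMS) never fires against a HEADERS/RST_STREAM burst, whereas a per-connection limit on client resets does. The class and function names, the limits (100 concurrent streams, 200 resets per second) and the traffic timing are assumptions for illustration.

```python
"""Rapid Reset on the wire, and a per-connection reset limit that catches it.

Added example with constructed frames and no network I/O. Frame layout
follows RFC 9113 section 4.1; HPACK header blocks are carried, not decoded.
"""
import struct
from collections import deque

HEADERS, RST_STREAM = 0x1, 0x3            # frame type codes
FLAG_END_STREAM, FLAG_END_HEADERS = 0x1, 0x4
ERR_CANCEL = 0x8                          # RST_STREAM error code used by the attack
GET_ROOT = b"\x82\x84"                    # HPACK static indices 2 (:method GET), 4 (:path /)


def frame(ftype, flags, stream_id, payload=b""):
    """Serialize one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload)


def parse_frames(buf):
    """Yield (type, flags, stream_id, payload) for each complete frame in buf."""
    off = 0
    while off + 9 <= len(buf):
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype, flags = buf[off + 3], buf[off + 4]
        stream_id = struct.unpack("!I", buf[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = buf[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame at offset %d" % off)
        yield ftype, flags, stream_id, payload
        off += 9 + length
    if off != len(buf):
        raise ValueError("trailing partial frame header")


class ConnectionTracker:
    """Server-side bookkeeping for one client connection (client frames only).

    max_concurrent mirrors SETTINGS_MAX_CONCURRENT_STREAMS. reset_limit per
    window_s is the added defence: too many client RST_STREAMs and the whole
    connection is closed. All three numbers are illustrative assumptions.
    """

    def __init__(self, max_concurrent=100, reset_limit=200, window_s=1.0):
        self.max_concurrent, self.reset_limit, self.window_s = max_concurrent, reset_limit, window_s
        self.open = set()          # streams the server still counts as active
        self.created = 0           # streams the server has started work on
        self.peak_open = 0
        self.reset_times = deque()
        self.verdict = None        # set once the connection should be closed

    def observe(self, ftype, flags, stream_id, payload, now):
        """Feed one client frame with its arrival time in seconds; return the verdict, if any."""
        if self.verdict:
            return self.verdict
        if ftype == HEADERS and stream_id not in self.open:
            # The only limit HTTP/2 itself gives the server.
            if len(self.open) >= self.max_concurrent:
                self.verdict = "REFUSED_STREAM: concurrency limit reached"
                return self.verdict
            self.open.add(stream_id)
            self.created += 1
            self.peak_open = max(self.peak_open, len(self.open))
        elif ftype == RST_STREAM:
            # The reset frees the slot at once, so the check above never fires
            # for Rapid Reset; count resets per window instead.
            self.open.discard(stream_id)
            self.reset_times.append(now)
            while now - self.reset_times[0] > self.window_s:
                self.reset_times.popleft()
            if len(self.reset_times) > self.reset_limit:
                self.verdict = "GOAWAY: %d client resets within %.1fs" % (
                    len(self.reset_times), self.window_s)
        return self.verdict


def rapid_reset_burst(n, pace_s=0.0001):
    """Constructed attacker traffic: n x (HEADERS, RST_STREAM CANCEL), one pair every pace_s."""
    frames, times = [], []
    for i in range(n):
        sid = 2 * i + 1                     # client-initiated streams use odd ids
        frames.append(frame(HEADERS, FLAG_END_HEADERS | FLAG_END_STREAM, sid, GET_ROOT))
        frames.append(frame(RST_STREAM, 0, sid, struct.pack("!I", ERR_CANCEL)))
        times += [i * pace_s, i * pace_s]
    return b"".join(frames), times


def normal_client(n, pace_s=0.05):
    """Constructed well-behaved client: n requests, no resets (responses are not modelled)."""
    frames = [frame(HEADERS, FLAG_END_HEADERS | FLAG_END_STREAM, 2 * i + 1, GET_ROOT) for i in range(n)]
    return b"".join(frames), [i * pace_s for i in range(n)]


def replay(buf, times, **limits):
    """Replay a frame buffer through a tracker and summarise what the server saw."""
    t = ConnectionTracker(**limits)
    for (ftype, flags, sid, payload), now in zip(parse_frames(buf), times):
        t.observe(ftype, flags, sid, payload, now)
    return {"created": t.created, "peak_open": t.peak_open, "verdict": t.verdict}


if __name__ == "__main__":
    buf, times = rapid_reset_burst(1000)
    print("attack, concurrency limit only:", replay(buf, times, reset_limit=10**9))
    print("attack, with reset limit:      ", replay(buf, times))
    print("normal client:                 ", replay(*normal_client(50)))
```

With only the concurrency limit, the burst of 1000 request/cancel pairs never has more than one stream open at a time, so the server starts work on all 1000 requests from one connection; with the reset limit, the connection is closed after the 201st cancellation. A production server frees a slot when it finishes a response as well, and the vendor mitigations referred to in the article are refinements of this same idea: count new streams and client resets per connection and send GOAWAY when a client exceeds what a legitimate user could plausibly need.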