Novel zero-day exploits fuel Q3 surge in DDoS attacks

Dive Brief:

  • Distributed denial of service attacks escalated during the third quarter, as a novel zero-day vulnerability led to a series of record-breaking attacks that continued into the month of October, according to a report released Thursday by Cloudflare.
  • Exploits of the HTTP/2 Rapid Reset vulnerability led to record-breaking incidents, as Cloudflare reported 89 attacks that exceeded 100 million requests per second. The largest attack peaked at 201 million requests per second, a figure three times larger than the prior record attack.
  • Gaming and gambling companies were the most frequently attacked industries during the quarter, which coincided with major ransomware attacks against Las Vegas casino operators in late August and September.

Dive Insight:

The increase in DDoS attacks during the quarter highlighted a historic shift in global threat groups’ DDoS capabilities.

Threat groups, including political hacktivists and other suspected actors, developed capabilities that shifted DDoS attacks from low-level annoyances into high-volume, powerful cyber activities with severe disruptive potential.

“New technology lowers the entry bar and makes it possible for small startups to create super performant and intelligent applications — ones that would’ve required the resources and headcount of large enterprises in the past,” Omer Yoachimik, senior product manager of DDoS protection and security reporting at Cloudflare, said via email.

Earlier this month, Cloudflare, Google and AWS released coordinated warnings about the HTTP/2 Rapid Reset vulnerability, as researchers from the cloud companies identified massive shifts in the volume and intensity of DDoS attacks.

The Cybersecurity and Infrastructure Security Agency urged organizations to patch and make configuration changes to defend against the surge in activity.

Fastly on Wednesday said it saw high volumes of attacks, but was able to rapidly deploy mitigation measures. The company said it observed an attack in late August measuring 250 million requests per second lasting about three minutes.

Earlier this month, officials at F5 warned the vulnerability could be used for DDoS attacks against Nginx Open Source, Nginx Plus and other related products. The company urged customers to update their Nginx configurations.

Cloudflare noted a wave of attacks against Israeli media and financial institutions and rising activity against Palestinian websites.