{"id":1857,"date":"2023-10-10T20:49:07","date_gmt":"2023-10-10T20:49:07","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=77533"},"modified":"2023-10-10T20:49:07","modified_gmt":"2023-10-10T20:49:07","slug":"largest-ever-ddos-leverages-zero-day-vulnerability","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/10\/10\/largest-ever-ddos-leverages-zero-day-vulnerability\/","title":{"rendered":"Largest-ever DDoS leverages zero-day vulnerability"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Largest-ever DDoS leverages zero-day vulnerability | CyberScoop<\/title> <meta name=\"description\" content=\"A new zero-day led to the largest distributed denial of service attack ever seen on the internet, according to a group of tech companies.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/largest-ddos-cloudflare-amazon-google\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Largest-ever DDoS leverages zero-day vulnerability\"> <meta property=\"og:description\" content=\"A new zero-day led to the largest distributed denial of service attack ever seen on the internet, according to a group of tech companies.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/largest-ddos-cloudflare-amazon-google\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-10-10T20:49:07+00:00\"> <meta property=\"article:modified_time\" content=\"2023-10-11T14:15:44+00:00\"> <meta property=\"og:image\" 
content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1695397585g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1696961159g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1696959155g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/77533\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" 
href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=77533\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Flargest-ddos-cloudflare-amazon-google%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Flargest-ddos-cloudflare-amazon-google%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-77533 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/largest-ddos-cloudflare-amazon-google\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button 
class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.832775919732\">\n<div class=\"single-article__header-content\" readability=\"30.512820512821\">\n<p> A new zero-day led to the largest distributed denial of service attack ever seen on the internet, according to a group of tech companies. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg?resize=1536,1024 1536w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/largest-ever-ddos-leverages-zero-day-vulnerability-1.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Network data transfer speed on a dark background. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"38.449860370652\"><body readability=\"77.768833849329\"><\/p>\n<p>Distributed denial of service attacks just keep getting bigger. On Tuesday, a coalition of tech giants revealed the biggest one yet, a DDoS campaign from August that compressed a month\u2019s worth of Wikipedia traffic into a two-minute deluge and exploited a flaw in the fundamental technology powering the internet to do it. <\/p>\n<p>At its peak, the DDoS campaign described by Google, Cloudflare and Amazon AWS reached more than 398 million requests per second (RPS) \u2014 more than eight times larger than the biggest DDoS attack previously observed by Google, which clocked in at 46 million RPS, <a href=\"https:\/\/cloud.google.com\/blog\/products\/identity-security\/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps\">according to the firm<\/a>. 
The new attack uses a novel method that exploits a zero-day vulnerability dubbed \u201cHTTP\/2 Rapid Reset,\u201d which takes advantage of the protocol that manages how computers request data from websites.<\/p>\n<p>\u201cFor a sense of scale, this two-minute attack generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023,\u201d Google said Tuesday.<\/p>\n<p>The DDoS attacks using the vulnerability have been ongoing since August and have targeted major infrastructure providers like Google Cloud, Cloudflare and <a href=\"https:\/\/aws.amazon.com\/blogs\/security\/how-aws-protects-customers-from-ddos-events\/\">Amazon Web Services<\/a>.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The largest DDoS attack previously observed by Cloudflare clocked in at 71 million RPS. But Cloudflare has now observed more than 180 instances in which that record has been broken by malicious actors using the Rapid Reset vulnerability and in excess of an additional 1,000 instances in which DDoS campaigns using the vulnerability have broken the 10 million RPS range. <\/p>\n<p>Cloudflare deems the vulnerability that enabled the massive traffic attack \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-44487\">CVE-2023-44487<\/a> \u2014 a zero-day, but its exploitation has not been attributed to any specific actor. 
The exploit takes advantage of a stream cancellation feature used by HTTP\/2, which is used by <a href=\"https:\/\/blog.cloudflare.com\/http3-usage-one-year-on\/\">roughly 60 percent of browser traffic<\/a>.<\/p>\n<p>\u201cThe client opens a large number of streams at once as in the standard HTTP\/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately,\u201d Google <a href=\"https:\/\/cloud.google.com\/blog\/products\/identity-security\/how-it-works-the-novel-http2-rapid-reset-ddos-attack\">wrote<\/a>.<\/p>\n<p>The attack is efficient. The campaign used a botnet of only 20,000 machines, which is a far cry from the typical number of infected machines used in a DDoS attack, Cloudflare <a href=\"https:\/\/blog.cloudflare.com\/zero-day-rapid-reset-http2-record-breaking-ddos-attack\/\">wrote<\/a>.<\/p>\n<p>\u201cThere are botnets today that are made up of hundreds of thousands or millions of machines,\u201d Cloudflare said. \u201cGiven that the entire web typically sees only between 1\u20133 billion requests per second, it\u2019s not inconceivable that using this method could focus an entire web\u2019s worth of requests on a small number of targets.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Alex Forster, the tech lead for DDoS mitigation at Cloudflare, warned that today\u2019s disclosure sets off a race to patch before someone exploits the vulnerability. \u201cOrganizations should assume that systems will be tested, and take proactive measures to ensure protection,\u201d Forster said in an email.<\/p>\n<p>Earlier this year, Cloudflare warned of <a href=\"https:\/\/cyberscoop.com\/cloudflare-ddos-escalation\/\">increasingly sophisticated DDoS attacks<\/a> that can be highly disruptive to organizations unprepared to handle the onslaught of traffic. 
Cloud-based virtual machines and virtual private servers are helping to enable larger attacks, and denying access to websites represents an easy way for hacktivist groups to deliver <a href=\"https:\/\/cyberscoop.com\/taiwan-china-ddos-pelosi-visit\/\">political messages<\/a>.<\/p>\n<p>While larger DDoS attempts are anticipated, the attack announced Tuesday was unexpected even when taking into account the increasing volumes, said Damian Menscher, a security reliability engineer who focuses on DDoS at Google.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"wp-block-embed wp-embed-aspect-16-9\">\n<div class=\"wp-block-embed__wrapper\" readability=\"6.4903846153846\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\" readability=\"6.9230769230769\">\n<p lang=\"en\" dir=\"ltr\">While exponential growth in DDoS volumes is expected, this is a rare outlier event that sits well above the trend-line. Even the largest providers must efficiently handle malicious traffic to absorb these 0-day events without impact. 
3\/3 <a href=\"https:\/\/t.co\/oT8kr2u6nb\">pic.twitter.com\/oT8kr2u6nb<\/a><\/p>\n<p>\u2014 Damian Menscher (@menscher) <a href=\"https:\/\/twitter.com\/menscher\/status\/1711715947135017392?ref_src=twsrc%5Etfw\">October 10, 2023<\/a><\/p><\/blockquote>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> 
<\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/largest-ddos-cloudflare-amazon-google\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Largest-ever DDoS leverages zero-day vulnerability | CyberScoop Skip to main<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1064,632,174,387,288],"tags":[1065,633,178,391,294],"class_list":["post-1857","post","type-post","status-publish","format-standard","hentry","category-amazon-web-services-aws","category-cloudflare","category-ddos","category-google","category-threats","tag-amazon-web-services-aws","tag-cloudflare","tag-ddos","tag-google","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/amazon-web-services-aws\/\" rel=\"category tag\">Amazon Web Services (AWS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloudflare\/\" rel=\"category tag\">Cloudflare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ddos\/\" rel=\"category tag\">DDoS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1857"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1857\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}