Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw


Cloudflare announced on Thursday that it had thwarted thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that took advantage of a previously reported weakness known as HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS).

“The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter,” according to a report provided with The Hacker News by the online infrastructure and security company. “Similarly, L3/4 DDoS attacks also increased by 14%."x000D The overall number of HTTP DDoS attack requests in the quarter increased to 8.9 trillion, up from 5.4 trillion in the second quarter of 2023 and 4.7 trillion in the first quarter of 2023. In the fourth quarter of 2022, there were 6.5 trillion attack requests.

Read More…