Thursday, October 12, 2023

CLOUDFLARE DETECTS VULNERABILITY BEHIND LARGEST ATTACK IN INTERNET HISTORY



KUALA LUMPUR, Oct 11 (Bernama) -- Cloudflare Inc, the connectivity cloud company, announced it has helped lead the disclosure of a novel zero-day vulnerability, dubbed “HTTP/2 Rapid Reset”, alongside industry peers to make the Internet more secure for everyone.

According to Cloudflare in a statement, this global vulnerability gives attackers the ability to generate attacks larger than anything the Internet had seen before.

To help mitigate the impact of this new threat for the entire Internet ecosystem, Cloudflare developed technology purpose-built to automatically block any attack leveraging Rapid Reset for its customers.

Cloudflare successfully mitigated these issues and halted potential abuse for all customers, while simultaneously kicking off a responsible disclosure process with two other major infrastructure providers, to extend mitigations for this vulnerability to a large percentage of the Internet prior to disclosing its existence to the general public.

“Successfully mitigating this threat for every critical infrastructure organisation, customer and the Internet at-large is the lifeblood of what Cloudflare stands for.

“We are one of the only companies equipped to identify and address threats of this magnitude, at the speed required to maintain the integrity of the Internet,” said Cloudflare Chief Executive Officer, Matthew Prince.

In late August, Cloudflare discovered a zero-day vulnerability, developed by an unknown threat actor. The vulnerability exploits the standard HTTP/2 protocol, a fundamental piece of how the Internet and most websites operate.

“Rapid Reset” provides threat actors with a powerful new way to attack victims across the Internet at an order of magnitude larger than anything the Internet has seen before.

Based on Cloudflare's data, several attacks leveraging Rapid Reset were nearly three times larger than the largest distributed denial-of-service (DDoS) attack in Internet history.

At the peak of this DDoS campaign, Cloudflare recorded and handled over 201 million requests per second (Mrps), and it mitigated thousands of additional attacks that followed.

-- BERNAMA
