New DDoS 'HTTP/2 Rapid Reset' Method Abused In Attacks Worldwide

A zero-day DDoS technique called 'HTTP/2 Rapid Reset' broke records in magnitude since August. Amazon, Cloudflare, and Google jointly reported mitigating attacks, reaching 155 million rps (Amazon), 201 million rps (Cloudflare), and a record-breaking 398 million rps (Google). Cloudflare faced a threefold increase in attack size compared to its previous record, with only 20,000 machines in the botnet. Since late August, Cloudflare handled over a thousand 'HTTP/2 Rapid Reset' DDoS attacks surpassing 10 million rps, with 184 exceeding the previous 71 million rps record. Expect even larger records as threat actors use more extensive botnets and this new attack method. Read more...