Cloudflare has helped identify and address a global zero day security vulnerability that gives cybercriminals the ability to launch attacks "larger than anything the internet had seen before," according to the company.
Cloudflare worked alongside Google and Amazon Web Services (AWS) to uncover and disclose the vulnerability.
In addition, Cloudflare has developed technology that automatically blocks any attacks that exploit the vulnerability, the company stated.
Introducing the "HTTP/2 Rapid Reset" Vulnerability
Cloudflare found the vulnerability, dubbed "HTTP/2 Rapid Reset," in August 2023. The company noted that the vulnerability was developed by an unknown threat actor and exploits the standard HTTP/2 protocol, which is essential to the operation of the internet and most websites.
HTTP/2 allows users to "request" to view images, text and other items on a website, Cloudflare pointed out. It is the basis for about 60% of web applications and determines the speed and quality of how users see and interact with a website.
With Rapid Reset, cybercriminals would submit thousands of "requests" and immediately cancel them. They would automate a "request, cancel, request, cancel" pattern, which would overwhelm websites and knock them offline.
To date, several attacks leveraging Rapid Reset were nearly three times larger than the largest distributed denial-of-service (DDoS) attack in internet history, a Cloudflare spokesperson told MSSP Alert. At the peak of the Rapid Reset DDoS campaign, Cloudflare recorded and handled over 201 million requests per second (Mrps) and the mitigation of thousands of additional attacks that followed.
How Cloudflare Addressed the HTTP/2 Rapid Reset Vulnerability
As Cloudflare experienced a Rapid Reset attack, the company embraced an "assume-breach" mindset, the business indicated. It worked with industry partners to find the best way to mitigate the attack.
During this time, Cloudflare developed technology that organizations could use to stop DDoS attacks and improve its own mitigations for Rapid Reset and other large cyberattacks, the business said.
Cloudflare also alerted its web server software partners that developed patches to ensure that the vulnerability cannot be exploited moving forward, the company noted.
How to Protect Against Large-Scale Cyberattacks
Rapid Reset has been mitigated, but similar problems can come up in the future. To guard against such issues, Cloudflare offers several recommendations, including:
- Understand your existing security protection and capabilities and how to protect, detect and respond to an attack and immediately remediate any network issues.
- Utilize DDoS protection for applications.
- Leverage web application firewalls.
Furthermore, MSSPs can teach organizations about Rapid Reset and other cyber threats. They can also provide organizations with security services that they can use to identify and remediate vulnerabilities before they escalate.