Have you come across the Rapid Reset Attack? It sounds like the name of a move from a video game, right? But in this case it is unfortunately not good news. It is a type of DDoS attack that clogs up websites by abusing the HTTP/2 protocol. In short, attackers use it to overload sites so they either crash or become unbearably slow.
I became aware of it through the subsequent conversation I was seeing about large online attacks reaching record levels. Come to discover, a number of these were sparked by this bug, CVE-2023-44487.
How Does It Work?
You can picture it with a scene at a coffee shop. You are standing in line waiting to place your order when a bunch of pranksters decide to constantly place an order, cancel it, and reorder. You are stuck wasting time in the line while the cashier sorts through everything, and you never get your coffee.
Here is a simplified explanation of how the Rapid Reset Attack works:
• Attackers send thousands of requests to a server.
• Then, immediately, they cancel the requests.
• The server still has to go through the work of starting and stopping each one.
• Repeat this thousands of times and the server is stuck.
This approach is cheap and easy for the attacker, and it makes life difficult for the website.
Does It Even Matter?
You might ask: “Well, I don’t own a big website, so why do I need to care?” This bug impacts major websites, cloud services, and apps we all use, and if those sites or services go down, we all feel it.
What’s even scarier is that an attacker does not need a super powerful machine to do it. Even a smaller group of hacked computers (a botnet) can cause a lot of havoc.
What Is Being Done?
Here’s the good news: security teams moved fast. Major companies such as Google, Microsoft, and AWS have already made patches available, although, as we have also learned, servers are not always updated immediately.
If you are a server owner, this is what helps:
- Apply the available fixes to your environments and update your monitoring accordingly.
- Use DDoS protection measures.
- Watch for sudden spikes in traffic. They can signal a newly hatched attack.
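The last point is where the "starting and stopping" pattern becomes visible on the server side. Below is an added example (not from the original post) of simple detection logic: it walks a constructed log of per-connection HTTP/2 stream events, counts how many streams each client opens and then cancels almost immediately, and flags connections whose fast-cancel ratio and rate look like Rapid Reset rather than ordinary client behaviour. The event format and the thresholds are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample events as a server's HTTP/2 frame log might expose them:
# (timestamp_s, conn_id, event, stream_id); "open" = client sent HEADERS for a
# new stream, "reset" = client sent RST_STREAM for that stream.
SAMPLE_EVENTS = [
    (0.000, "conn-A", "open", 1), (0.010, "conn-A", "open", 3),
    (0.900, "conn-A", "reset", 3),  # a normal client cancels occasionally
    (1.200, "conn-A", "open", 5),
]
# Rapid Reset pattern: many streams opened and cancelled within a millisecond.
for i in range(200):
    sid = 2 * i + 1
    SAMPLE_EVENTS.append((0.5 + i * 0.002, "conn-B", "open", sid))
    SAMPLE_EVENTS.append((0.5 + i * 0.002 + 0.0005, "conn-B", "reset", sid))


def rapid_reset_stats(events, fast_cancel_s=0.05):
    """Per connection: streams opened, streams reset, resets that arrived within
    fast_cancel_s of the stream opening, and the time span of observed activity."""
    opened_at = {}
    first_seen = {}
    stats = defaultdict(lambda: {"opened": 0, "reset": 0, "fast_reset": 0, "span_s": 0.0})
    for ts, conn, event, sid in sorted(events):
        s = stats[conn]
        first_seen.setdefault(conn, ts)
        s["span_s"] = max(s["span_s"], ts - first_seen[conn])
        if event == "open":
            s["opened"] += 1
            opened_at[(conn, sid)] = ts
        elif event == "reset":
            s["reset"] += 1
            t0 = opened_at.pop((conn, sid), None)
            if t0 is not None and ts - t0 <= fast_cancel_s:
                s["fast_reset"] += 1
    return dict(stats)


def flag_connections(events, min_streams=50, fast_reset_ratio=0.8, min_rate_per_s=100.0):
    """Return connection ids whose traffic matches Rapid Reset: most streams
    cancelled almost immediately, at a high sustained rate."""
    flagged = []
    for conn, s in rapid_reset_stats(events).items():
        if s["opened"] < min_streams:
            continue  # too little activity to judge
        ratio = s["fast_reset"] / s["opened"]
        rate = s["fast_reset"] / s["span_s"] if s["span_s"] > 0 else float("inf")
        if ratio >= fast_reset_ratio and rate >= min_rate_per_s:
            flagged.append(conn)
    return flagged


if __name__ == "__main__":
    print(flag_connections(SAMPLE_EVENTS))  # ['conn-B']
```

In practice the same counters are what server-side mitigations act on: once a connection crosses the threshold, it can be closed or rate-limited instead of continuing to spend work on streams the client will never read.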