Amazon Web Services confirmed it was hit with a new type of Distributed Denial of Service (DDoS) attack that flooded websites and applications with over 155 million requests per second.
“This might have disrupted businesses, but thanks to the efforts of AWS engineers our customers were quickly protected from this new attack,” said AWS CEO Adam Selipsky in a blog post.
Selipsky said at the end of August, AWS security teams noticed a new type of HTTP request flood that targeted customers, with the DDoS attack designed to make websites and applications unavailable to users.
“Our security team helped discover and defend customers against a new type of DDoS attack called the HTTP/2 Rapid Reset attack,” said Selipsky.
The HTTP/2 Rapid Reset Attack
Although DDoS attacks are common, the HTTP/2 Rapid Reset cyberattack was different due to its size and scale.
“This particular attack … was driving more than 155 million requests per second,” said Tom Scholl, AWS vice president and distinguished engineer, in a statement. “If you have more than 100 million requests at once, this can consume large amounts of resources and prevent normal traffic from being processed.”
Other IT giants including Google and Microsoft also recently confirmed that they successfully mitigated the HTTP/2 Rapid Reset cybersecurity attack in August and September. Google, for example, said it was receiving nearly 400 million requests per second.
A DDoS attack can cause massive issues for businesses, such as driving up costs and preventing workers from accessing information or digital services. AWS’ MadPot threat intelligence tool can trace an attack back to its true sources or servers using intelligence gained from network sensors, and can disrupt the threat through AWS network controls and cooperation with other companies.
The Seattle-based $88 billion cloud computing giant was able to quickly protect customers from the HTTP/2 Rapid Reset attack.
“Together with other tech companies, AWS also worked on developing further countermeasures to improve how such attacks are handled across the industry,” said Selipsky.
How The HTTP/2 Rapid Reset Attack Was Possible
The massive DDoS attack was possible because of a zero-day vulnerability in the HTTP/2 internet protocol, which succeeded earlier versions of HTTP and has been widely adopted over the past few years due to its efficiency on mobile.
The DDoS attack flooded websites and applications with data requests at an unprecedented pace.
“People have found a way to talk to web servers much more aggressively and at much higher rates than in the past,” said AWS’ Scholl. “A request flood is essentially someone asking for data. The server goes to get that data, but then the requester doesn’t want it. It’s a bit like calling someone repeatedly and hanging up as soon as they answer.”
In the HTTP/2 Rapid Reset case, AWS said the company also built a reproduction in its labs of what the bad actors were doing, to better understand how the attack works and to test the strength of AWS’ systems against it.
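At the protocol level, the request-then-cancel pattern Scholl describes is a client opening HTTP/2 streams with HEADERS frames and immediately cancelling them with RST_STREAM frames. The following is an added detection example, not code from AWS or the original article: it parses the client-to-server frames of one connection and flags a connection that cancels nearly every stream it opens. The function names, thresholds and sample byte strings are constructed assumptions, and the input is assumed to begin after the HTTP/2 connection preface.

```python
import struct

HEADERS, RST_STREAM = 0x1, 0x3  # HTTP/2 frame type codes (RFC 9113)
CANCEL = 0x8                    # RST_STREAM error code sent when a client abandons a request

def frame(ftype, stream_id, payload=b"", flags=0):
    """Build one frame: 24-bit length, type, flags, reserved bit + 31-bit stream id."""
    head = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return head + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload

def parse_frames(data):
    """Yield (type, stream_id) for each complete frame; stop at a truncated one."""
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        if pos + 9 + length > len(data):
            break
        stream_id = struct.unpack(">I", data[pos + 5:pos + 9])[0] & 0x7FFFFFFF
        yield data[pos + 3], stream_id
        pos += 9 + length

def reset_stats(data):
    """Return (streams opened, streams the client itself reset) for one connection."""
    opened, reset = set(), set()
    for ftype, sid in parse_frames(data):
        if ftype == HEADERS:
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened:
            reset.add(sid)
    return len(opened), len(reset)

def is_rapid_reset(data, min_streams=100, min_ratio=0.9):
    """Flag a connection that opens many streams and cancels nearly all of them.
    Both thresholds are illustrative assumptions, not vendor values."""
    opened, reset = reset_stats(data)
    return opened >= min_streams and reset / opened >= min_ratio

def request(sid, cancel):
    """Constructed sample: a HEADERS frame, optionally followed by RST_STREAM(CANCEL)."""
    hdr = frame(HEADERS, sid, b"\x82\x84\x87", flags=0x5)  # placeholder header block
    return hdr + (frame(RST_STREAM, sid, struct.pack(">I", CANCEL)) if cancel else b"")

# Constructed inputs: client stream ids are odd (1, 3, 5, ...).
NORMAL = b"".join(request(2 * i + 1, cancel=(i == 2)) for i in range(5))
FLOOD = b"".join(request(2 * i + 1, cancel=True) for i in range(500))

if __name__ == "__main__":
    for name, conn in (("normal", NORMAL), ("flood", FLOOD)):
        print(name, reset_stats(conn), is_rapid_reset(conn))
```

In production the same counters are usually kept per connection inside the server or proxy, with the connection closed once the cancel ratio crosses a limit.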
AWS partner AllCloud said AWS cybersecurity capabilities are becoming a hot selling point to customers in 2023, particularly in the SMB market.
“A lot of clients are worried about cybersecurity,” said Gabriel Romero, global head of alliances and chief marketing officer at AllCloud. “The interesting thing is, we’re seeing more SMB customers worry about cybersecurity now. It used to be a big enterprise-type thing. Now, a $25 million or $50 million company is worried about cybersecurity just as much.”