DDoS attacks record a sharp increase in the third half of 2023 according to Cloudflare analysis. The increase would be due to the discovery of a vulnerability making the work of hackers easier.
Just because we can’t see them doesn’t mean they don’t exist. Collective attacks by saturation of services (or their old names DDoS attacks) are quasi-permanent. The figures of Cloudflare are also impressive: in the first half of 2023, there were 4700 billion, just that. What is more worrying is their gradual rise in power, until the explosion at the end of the year. If the 2nd semester recorded 5400 billion attacksthe last one displays a record of 8900 billionbe one 65% increase compared to previous months.
DDoS attacks are more numerous, but also more powerful. Among all those recorded, 89 exceeded 100 million requests per second (rps). This is alarming when we remember that in February, the record reached “only” Rp71 million. It has since largely fallen with Google blocking a Rp398 million denial of service attack. It was also on this occasion that the security breach responsible: the Quick Reset (Rapid Reset), which exploits a functionality of the HTTP/2 protocol.
DDoS attacks increased by 65% compared to last half year
The vulnerability allows hackers to throw Stronger DDoS attacks with fewer resources. “Cloud-based botnets leveraging HTTP/2 are capable of generating up to 5,000 times more force per network node. This allows them to launch hyper-volumetric DDoS attacks with a small network of 5 to 20,000 nodes,” underlines Cloudflare.
Typically, these attacks target thevideo game industryof the telecommunicationsof software or even cryptocurrencies. The hackers are mainly based in the United States, China, Brazil, Germany and Indonesia, while the victims reside in Singapore, China, Vietnam, Canada and the USA. Cloudflare specifies that almost half of collective service saturation attacks target DNS (47%), which represents a 44% increase of this type of attack compared to the last semester.
Source: Cloudflare