Wednesday 25 October, 2023

The National Cyber Security Center (NCSC) under the PNG Department of Information and Communications Technology (DICT) has announced the discovery of a new kind of cyber-attack called the ‘HTTP/2 Rapid Reset Attack’.

FortiGuard described the new attack as a Distributed Denial-of-Service (DDoS) attack, which it takes advantage of a weakness in the way the HTTP/2 protocol works.

This is a serious problem because it’s a previously unknown vulnerability that’s being actively used by hackers, meaning it’s a previously unknown and unpatched weakness in the software that hackers take advantage.

Here’s how it works: The attack sends a lot of web requests to servers that use HTTP/2, overloading them and causing resource exhaustion. This can lead to these servers becoming inaccessible, causing a disturbed denial of service.

To protect your online applications from such attacks, security experts at FortiGuard recommend using services like a Web Application Firewall (WAF) and an Application Delivery service, which can help balance the load and improve security.

If you’re using web services that use HTTP/2, it’s important to regularly check for patches and other ways to defend against this type of attack.

For added security, Forti Web customers can limit the number of requests a single user can make using the ‘HTTP Protocol Constraints.’

For more details, you can check out FortiGuard’s announcement here:…/http2-rapid-reset-attack

Leave a Reply

Your email address will not be published. Required fields are marked *