Rapid Reset vulnerability
CISA Calls on Service Providers to Patch Exploit Behind DDoS Attack
The Cybersecurity and Infrastructure Security Agency is calling on internet service providers to remediate Rapid Reset, a widespread vulnerability that led to the largest distributed denial-of-service attack ever.
In a joint statement on Tuesday, Amazon Web Services, Cloudflare and Google explained that malicious actors exploited a feature of the Hypertext Transfer Protocol/2 (HTTP/2) that allows large numbers of requests to be sent and canceled, Nextgov/FCW reported.
Google noted that the DDoS attack, which has not been attributed to any known entity, generated over 398 million requests per second.
To intensify the assault, the perpetrators also used remote-controlled networks of hijacked computers known as botnets.
The tech companies said the DDoS attack did not cause any outages.
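For defenders, the send-and-cancel pattern described in the joint statement can be looked for in per-connection HTTP/2 frame records, where a request opens a stream with a HEADERS frame and a cancellation arrives as an RST_STREAM frame. The Python below is an added example, not code from CISA or the companies named; the log line format, the sample data and the thresholds are constructed assumptions.

```python
from collections import defaultdict

def make_sample():
    """Constructed client-to-server frame log: '<seconds> <conn> <frame> <stream id>'."""
    lines = []
    # conn-a: ordinary client, five requests, one cancelled a full second later
    for i in range(5):
        lines.append(f"{i * 0.5:.3f} conn-a HEADERS {2 * i + 1}")
    lines.append("3.000 conn-a RST_STREAM 9")
    # conn-b: 200 requests, each cancelled 1 ms after it was opened
    for i in range(200):
        t, sid = 1.0 + i * 0.002, 2 * i + 1
        lines.append(f"{t:.3f} conn-b HEADERS {sid}")
        lines.append(f"{t + 0.001:.3f} conn-b RST_STREAM {sid}")
    return lines

def find_rapid_reset(lines, max_lifetime=0.05, min_resets=100, min_ratio=0.9):
    """Return {conn: (rapid_resets, streams_opened)} for connections that cancel
    most of their streams almost immediately. Thresholds are illustrative."""
    opened = defaultdict(dict)  # conn -> {stream id: time the stream was opened}
    total = defaultdict(int)    # conn -> streams opened
    rapid = defaultdict(int)    # conn -> streams cancelled within max_lifetime
    for line in lines:
        ts, conn, frame, sid = line.split()
        ts, sid = float(ts), int(sid)
        if frame == "HEADERS" and sid not in opened[conn]:
            opened[conn][sid] = ts  # first HEADERS opens the stream
            total[conn] += 1
        elif frame == "RST_STREAM":
            start = opened[conn].pop(sid, None)
            if start is not None and ts - start <= max_lifetime:
                rapid[conn] += 1
    return {c: (rapid[c], total[c]) for c in total
            if rapid[c] >= min_resets and rapid[c] / total[c] >= min_ratio}

if __name__ == "__main__":
    for conn, (resets, streams) in find_rapid_reset(make_sample()).items():
        print(f"{conn}: {resets} of {streams} streams cancelled right after opening")
```

A connection is flagged only when both the count and the ratio of quickly cancelled streams are high, so an ordinary client that cancels an occasional request is not reported.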
According to CISA, a DDoS attack occurs when threat actors coordinate multiple machines to overwhelm network resources, preventing legitimate users from accessing them.
CISA recently issued pointers to reduce the risk of such attacks on federal agency websites and services. The document is meant to guide impact analyses to determine how protections should be applied.