Record Surge in DDoS Attacks, Driven by Advanced Exploits and AI Tools
Distributed denial of service (DDoS) attacks reached a record high in 2023, with a notable increase in the fourth quarter, as reported by Cloudflare. A key factor in this surge was the exploitation of the HTTP/2 Rapid Reset zero-day vulnerability. During these attacks, Cloudflare mitigated a peak of around 201 million requests per second. Launching massive DDoS attacks has become easier: in 2024, it takes only 5,000 to 20,000 virtual machines to exceed 100 million requests per second, a significant reduction in resources compared to previous years. Additionally, generative AI tools have been used to refine attack scripts. Retail, shipment, and public relations sites were prime targets, particularly during the holiday season. Cloudflare also noted a shift in attack methods, with a decrease in HTTP DDoS attacks but an 85% increase in network-layer attacks.
Cloudflare has purpose-built technology to mitigate exploitation of the HTTP/2 vulnerability.
Cloudflare Report: https://blog.cloudflare.com/ddos-threat-report-2023-q4
Resource: https://www.cybersecuritydive.com/news/ddos-attacks-surge-cloudflare/704011/?&web_view=true
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell
The Krebs on Security article details the activities of Ika and Sal, two Russian men heavily involved in cybercrime through their administration of the Spamdot forum and bulletproof hosting services. They played crucial roles in global spam operations and cybercrimes, with connections to major malware groups and cybercriminals, including the Zeus Trojan’s author.
Fallout Mounting From Recent Major Health Data Hacks
The fallout from recent major health data breaches at Perry Johnson & Associates, Prospect Medical Holdings, and Orrick, Herrington & Sutcliffe LLP is intensifying. PJ&A’s breach impacted nearly 9 million individuals, with additional clients like North Kansas City Hospital reporting over 502,000 affected patients. Prospect Medical’s August ransomware attack affected over 342,000 individuals, with more health plans being impacted. Orrick’s hack in March affected over 637,000 people. The scope and legal consequences of these breaches are expanding as investigations continue.