Perimeter 81 | 23.07.2024 | 4 min read

What Is a Zero-Day DDoS Attack?

A zero-day DDoS (distributed denial-of-service) vulnerability is a security flaw that remains undiscovered by a server provider and its clients until the zero-day vulnerability is used to bring down servers and drastically bloat latency.

The Dangers of a Zero-Day Attack

Functional zero-days have been known to fetch prices from thousands to hundreds of thousands or even millions. These high costs are thanks to zero-days' novelty: businesses are left essentially defenseless against new attacks that consume server resources, rack up cost, and leave services partially or completely unavailable for the duration of the attack. One of the most recent, record-breaking DDoS zero-days was HTTP/2 Rapid Reset.

The HTTP Protocol

HTTP (Hypertext Transfer Protocol) defines how data is transferred between a client and a server, making it a building block of the web. In HTTP/1, requests are handled one after another: the server takes a request, processes it, sends back a response, and then moves on to the next request. HTTP/2, standardized in 2015, was an evolution of this: it allows a client to send multiple requests simultaneously over a single connection. Each request is assigned its own stream, and the server processes these streams in parallel. Clients are able to open around 100 concurrent streams on a single connection, which makes data delivery far more rapid.

A Novel Approach

In late 2023, a novel approach to DDoS attacks surfaced that directly abused this system. A client under a threat actor's control would open a large number of streams all at once and then immediately send a cancel request for each.
Before any of the streams' data was processed, the server received the RST_STREAM frame and reset the stream. Because each request was explicitly canceled, it freed its slot under the server's per-connection stream limit, so attackers were able to ramp up the number of in-flight requests indefinitely: the request rate was limited only by the victim server's available bandwidth. In this attack, victims were forced to mitigate up to 201 million requests per second. This was particularly concerning because these record-breaking volumes were achieved with a small botnet of just 20,000 machines.

Why Zero-Day DDoS Attacks Happen

The motivation for finding brand-new mechanisms through which to conduct DDoS attacks is often simple: malicious actors want to remove victims' access to their own servers. The highly public nature of DDoS attacks, wherein national or even global services go down, makes the attack vector well suited to politically motivated attackers. The big, noticeable public impact of these attacks makes them an effective intimidation tool within wider campaigns.

How to Protect Against Zero-Day DDoS Attacks

Here's how you can protect your organization against zero-day DDoS attacks.

Keep on Top of Threat Intel

First and foremost is an organization's own cyber agility. This is built on an in-depth understanding of the codebase your enterprise relies on and the attack surface facing it. Solutions that actively scan for security vulnerabilities, review errors, and identify any issues introduced within a new patch offer a degree of automation. But this process can't detect all zero-days, and it still relies on one key factor: how quickly the results of a scan can be acted upon and mitigated. This is why organizations relying solely on vulnerability scanners are commonly outmaneuvered by attackers; a more mature approach takes a wider view.
Take the aforementioned zero-day: blocking the individual streams wouldn't have stymied the attack. Instead, the entire TCP connection needed to be closed. As such, understanding the underlying behavior of the attack is one of the best methods of prevention.

Utilize Behavior-Based Protection

Behavioral analysis remains one of the most promising ways of defending against zero-day attacks. In the realm of DDoS, the behaviors to track revolve around connection statistics and request patterns. By developing an understanding of your servers' total requests, streams per connection, and canceled requests, it's possible to build a picture of their normal behavior. Analyzing these request patterns lets you know when anomalous activity starts to crop up, so you can take appropriate action.

Build Resilience

In the event of a potential attack, your security team needs to know who's affected and why. This is where your team needs to be kept dialed into the real-time zero-day threats facing your organization via a comprehensive dashboard. On the technical side, keeping your servers' IP addresses hidden prevents attackers from targeting them directly. This can be achieved with a reverse proxy, or by partnering with a solution that encrypts your unprotected network.

Reduce Your Attack Surface with Perimeter 81

Perimeter 81's cloud-based SASE offers a software-defined perimeter, within which users and their devices undergo authentication prior to connection. Supported by identity verification from market leaders, Perimeter 81 significantly reduces your attack surface by bringing all users into one network security tool. From there, limit third-party access exclusively to specific applications, and limit user visibility into the wider network. Restrict application access based on user, time, location, and browser. Maintain full-stack security across all ports and layers, and support remote users with high-grade encryption. Prevent DDoS attacks from bringing down your network with Perimeter 81.
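The behavior-based detection described above (streams per connection and canceled requests) can be demonstrated on the Rapid Reset pattern itself. This is an added example, not code from the article or from Perimeter 81's product; the frame event list, the "RESPONSE_DONE" marker and the thresholds are constructed assumptions. It tallies per-connection stream statistics and, following the article's point that the whole TCP connection must be closed rather than individual streams, returns the connection ids to close.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of HTTP/2 frame events as (connection_id, frame_type, stream_id).
# "conn-A" is a normal client session with one legitimate cancel; "conn-B" mimics the
# Rapid Reset pattern: every HEADERS frame is followed at once by a client RST_STREAM.
SAMPLE_FRAMES = [
    ("conn-A", "HEADERS", 1), ("conn-A", "HEADERS", 3), ("conn-A", "HEADERS", 5),
    ("conn-A", "RESPONSE_DONE", 1), ("conn-A", "RST_STREAM", 3),
    ("conn-A", "RESPONSE_DONE", 5),
]
for sid in range(1, 2 * 200, 2):  # 200 streams; odd ids are client-initiated in HTTP/2
    SAMPLE_FRAMES.append(("conn-B", "HEADERS", sid))
    SAMPLE_FRAMES.append(("conn-B", "RST_STREAM", sid))

@dataclass
class ConnStats:
    opened: int = 0      # streams the client opened (HEADERS frames)
    cancelled: int = 0   # streams the client reset before the server finished them
    in_flight: set = field(default_factory=set)

def collect_stats(frames):
    """Tally per-connection stream statistics from a list of frame events."""
    stats = defaultdict(ConnStats)
    for conn, ftype, sid in frames:
        s = stats[conn]
        if ftype == "HEADERS":
            s.opened += 1
            s.in_flight.add(sid)
        elif ftype == "RST_STREAM" and sid in s.in_flight:
            s.in_flight.discard(sid)
            s.cancelled += 1           # cancel arrived while the request was still in flight
        elif ftype == "RESPONSE_DONE":  # constructed marker: server completed the stream
            s.in_flight.discard(sid)
    return stats

def connections_to_close(stats, min_opened=50, max_cancel_ratio=0.5):
    """Return connection ids whose cancel ratio is far above a normal baseline.
    min_opened avoids flagging short sessions; thresholds are assumed values that
    a deployment would derive from its own observed normal behavior."""
    flagged = []
    for conn, s in stats.items():
        ratio = s.cancelled / s.opened if s.opened else 0.0
        if s.opened >= min_opened and ratio > max_cancel_ratio:
            flagged.append(conn)
    return sorted(flagged)

if __name__ == "__main__":
    st = collect_stats(SAMPLE_FRAMES)
    for conn, s in st.items():
        print(f"{conn}: opened={s.opened} cancelled={s.cancelled}")
    print("connections to close:", connections_to_close(st))
```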
FAQs

What is a zero-day DDoS attack?
A zero-day DDoS attack is a form of cyber assault in which attackers exploit a previously unknown vulnerability to flood a network or service with traffic, causing disruption or downtime before a patch is issued.

How do zero-day DDoS attacks differ from regular DDoS attacks?
Zero-day DDoS attacks differ from regular DDoS attacks in that they target software vulnerabilities that are unknown to the software vendor or the public, making them harder to predict and mitigate.

Why are zero-day DDoS attacks particularly dangerous?
They represent a unique threat thanks to their unknown mechanisms, leaving organizations unprepared and unable to defend quickly against the onslaught, which can lead to significant damage and disruption.

Can zero-day DDoS attacks be prevented?
While they are challenging to prevent due to their unpredictable nature, organizations can mitigate the risk by employing robust security measures, such as advanced threat detection, regular system and software updates, and comprehensive incident response plans.

What should organizations do if they experience a zero-day DDoS attack?
If an organization experiences a zero-day DDoS attack, it should immediately activate its incident response plan, work with cybersecurity experts to identify and mitigate the vulnerability, and communicate transparently with stakeholders about the attack and the measures being taken to address it.