theNet by CLOUDFLARE

A new threat has come to town


As the holiday season continues, the anticipation for record-breaking online traffic is palpable. This year, Cyber Monday alone shattered e-commerce records with $12.4 billion in online spending globally. The surge in online activity has a dark underbelly, however: the holiday season has become a prime target for cyber attacks. In 2022, a staggering 83% of breaches involved external actors, predominantly driven by financial motives. A new threat has arrived just in time to take advantage of consumers looking to spread holiday cheer.



A new zero-day has risen

Dubbed "HTTP/2 Rapid Reset," a novel zero-day vulnerability poses a significant risk by enabling high-volume DDoS attacks that specifically target HTTP resources such as web servers and web applications. This global vulnerability not only threatens to disrupt the online shopping experience but also reveals a worrying trend in cyber attacks: an emphasis on the speed and volume of requests rather than the traditional measure of traffic size. Exposure to the vulnerability is already extremely widespread. Approximately 62% of all Internet traffic uses the HTTP/2 protocol, which leaves the majority of web applications and servers at risk of this new attack. HTTP/3, a network protocol that likewise allows multiple streams of data to flow between a server and a browser, is also at risk.

The implications of the HTTP/2 Rapid Reset vulnerability extend beyond the immediate disruption of the online holiday shopping experience. Businesses, especially those that rely heavily on e-commerce, have already faced severe consequences ranging from revenue loss to reputational damage. DDoS attacks leveraging this exploit can overwhelm servers, causing service outages, frustrating users, and tarnishing brand image. The emphasis on speed and volume in this new breed of attacks demands a re-evaluation of cyber security strategies. Traditional approaches, often focused on mitigating large-scale attacks, may prove insufficient against the rapid and targeted nature of HTTP/2 Rapid Reset attacks.
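Because the attack is defined by how quickly a client opens and cancels streams rather than by how much bandwidth it uses, a defender's signal is the per-connection rate of stream cancellations. The following is an added example, not Cloudflare code and not part of the original article: it runs a simple detector over a constructed stream of HTTP/2 frame events (HEADERS for a new request, RST_STREAM for a client cancellation) and flags connections whose cancellation rate and cancellation ratio both exceed assumed policy thresholds. The connection names, thresholds, and event data are all constructed for illustration.

```python
"""Flag HTTP/2 connections whose stream-cancellation pattern resembles
Rapid Reset abuse. Added example with constructed data; not Cloudflare code."""
from collections import defaultdict, deque

# Assumed policy values for this example, not values from the article.
RESET_RATE_THRESHOLD = 100    # RST_STREAM frames per second on one connection
RESET_RATIO_THRESHOLD = 0.8   # cancelled streams / opened streams
WINDOW_SECONDS = 1.0          # sliding window for the rate check


def build_sample_events():
    """Constructed frame events: (timestamp_s, connection_id, frame_type, stream_id)."""
    events = []
    # A legitimate browser: 20 requests spread over 5 seconds, one cancelled.
    t = 0.0
    for i in range(20):
        events.append((t, "conn-legit", "HEADERS", 2 * i + 1))
        t += 0.25
    events.append((1.3, "conn-legit", "RST_STREAM", 9))
    # An abusive client: 300 streams opened and cancelled within 0.6 seconds.
    t = 0.0
    for i in range(300):
        sid = 2 * i + 1
        events.append((t, "conn-abuse", "HEADERS", sid))
        events.append((t + 0.0005, "conn-abuse", "RST_STREAM", sid))
        t += 0.002
    events.sort(key=lambda e: e[0])
    return events


def detect_rapid_reset(events, window=WINDOW_SECONDS,
                       rate=RESET_RATE_THRESHOLD, ratio=RESET_RATIO_THRESHOLD):
    """Return {connection_id: (peak_resets_in_window, reset_ratio)} for every
    connection that exceeds both the per-window reset rate and the reset ratio."""
    opened = defaultdict(int)          # streams opened per connection
    resets = defaultdict(int)          # streams cancelled per connection
    recent = defaultdict(deque)        # timestamps of recent cancellations
    peak = defaultdict(int)            # highest cancellation count seen in one window
    for ts, conn, frame, _stream_id in events:
        if frame == "HEADERS":
            opened[conn] += 1
        elif frame == "RST_STREAM":
            resets[conn] += 1
            q = recent[conn]
            q.append(ts)
            # Drop cancellations that have fallen outside the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            peak[conn] = max(peak[conn], len(q))
    flagged = {}
    for conn, n_opened in opened.items():
        r = resets[conn] / n_opened if n_opened else 0.0
        if peak[conn] >= rate and r >= ratio:
            flagged[conn] = (peak[conn], round(r, 3))
    return flagged


if __name__ == "__main__":
    for conn, (peak_resets, reset_ratio) in detect_rapid_reset(build_sample_events()).items():
        print(f"{conn}: {peak_resets} resets in {WINDOW_SECONDS}s, ratio {reset_ratio}")
```

The ratio check keeps a busy but honest client (many requests, few cancellations) from being flagged, while the rate check keeps an idle client that cancels a handful of streams from being flagged; only a connection that does both at volume trips the detector. In practice the response is to close or throttle the offending connection rather than to inspect individual requests, which is what makes the check cheap enough to run at the edge.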



Securing your organization during the holiday season

As we all know, cyber attacks during the holiday season are not rare. While mitigating the HTTP/2 Rapid Reset threat is crucial, it is equally important to stay vigilant against established threat tactics that can have a lasting effect on your business. Let's examine three distinct attack types commonly used to exploit organizations:

1. Phishing attacks:

Phishing remains a timeless weapon in the cyber criminal's arsenal, and the holiday season is an opportune time for these attacks. Cyber criminals often capitalize on the increased volume of online transactions and communications, crafting sophisticated phishing emails and fake websites to trick users into revealing sensitive information. As employees and customers are bombarded with holiday-themed promotions and offers, the likelihood of falling victim to a phishing attack rises significantly.

Alongside email security, prioritizing employee education and conducting regular training sessions on recognizing phishing attempts can go a long way in thwarting these attacks.

2. Ransomware:

Ransomware remains a significant menace across various sectors, comprising nearly 24% of breaches and experiencing a twofold increase in median costs over the past two years. The holiday season poses an elevated risk for retailers, as they cannot afford the compromise of their systems or data during their peak operational period.

Organizations should adopt a thorough, multi-layered approach to prevent ransomware and reduce its impact, especially as emerging extortion tactics amplify the potential repercussions of an attack. Embracing a Zero Trust security model is one way to reinforce a network's perimeter and limit lateral movement.

3. Credential Stuffing:

Another old but persistent threat that gains momentum during the holidays is credential stuffing. With individuals using various online platforms for shopping, cyber criminals take advantage of reused passwords across different sites. According to one study, 44% of surveyed employees were found to use the same login credentials across both personal and work accounts. Once a set of credentials is compromised, attackers can leverage automated tools to test those credentials on other platforms, exploiting the common practice of using the same password across multiple accounts.

To counter credential stuffing, organizations should look to implement multi-factor authentication wherever possible. Implementing a web application firewall (WAF) can help to block requests that use exposed credentials.
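The two controls named above correspond to two observable signals: a credential-stuffing run shows up in login logs as one source trying many distinct usernames with a high failure rate, and a request using an exposed credential can be recognised by comparing a fingerprint of the submitted credential against a set of known-leaked fingerprints. The following is an added example, not Cloudflare code and not part of the original article. It parses constructed login log lines (RFC 5737 documentation addresses, made-up usernames) to flag stuffing sources, and shows the exposed-credential comparison against a constructed leaked set; the log format, field names, thresholds, and hashing scheme are all assumptions for this example.

```python
"""Detect credential-stuffing sources in login logs and check submitted
credentials against a leaked set. Added example with constructed data."""
import hashlib
import re
from collections import defaultdict

# Assumed log format for this example: "<ts> src=<ip> user=<name> result=OK|FAIL"
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def build_sample_log():
    """Constructed log: one legitimate user who mistypes once, and one source
    that tries 40 different accounts in under a minute and gets one hit."""
    lines = [
        "2023-11-27T10:00:01Z src=198.51.100.7 user=alice result=FAIL",
        "2023-11-27T10:00:09Z src=198.51.100.7 user=alice result=OK",
    ]
    for i in range(40):
        result = "OK" if i == 17 else "FAIL"
        lines.append(f"2023-11-27T10:00:{i:02d}Z src=203.0.113.5 user=user{i:03d} result={result}")
    return "\n".join(lines)


def detect_credential_stuffing(log_text, min_users=20, min_fail_ratio=0.9):
    """Return {src: summary} for sources that hit many distinct accounts with a
    high failure ratio. Thresholds are assumed policy values for this example."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        attempts[m["src"]].append((m["user"], m["result"]))
    flagged = {}
    for src, rows in attempts.items():
        users = {u for u, _ in rows}
        fails = sum(1 for _, r in rows if r == "FAIL")
        ratio = fails / len(rows)
        if len(users) >= min_users and ratio >= min_fail_ratio:
            flagged[src] = {
                "users": len(users),
                "attempts": len(rows),
                "fail_ratio": round(ratio, 3),
                # Successful logins from a stuffing source are the accounts to
                # lock and force through password reset and MFA enrolment.
                "successes": sorted(u for u, r in rows if r == "OK"),
            }
    return flagged


def credential_fingerprint(username, password):
    """Fingerprint a username/password pair so plaintext is never stored or compared."""
    return hashlib.sha256(f"{username.lower()}:{password}".encode()).hexdigest()


# Constructed leaked-credential set: in practice this comes from a breach
# corpus and is consulted via a privacy-preserving lookup, not a local set.
EXPOSED_FINGERPRINTS = {credential_fingerprint("user017", "Winter2023!")}


def is_exposed(username, password, exposed=EXPOSED_FINGERPRINTS):
    """True if the submitted credential pair appears in the leaked set."""
    return credential_fingerprint(username, password) in exposed


if __name__ == "__main__":
    for src, summary in detect_credential_stuffing(build_sample_log()).items():
        print(src, summary)
    print("user017 exposed:", is_exposed("user017", "Winter2023!"))
```

The distinct-user count is what separates stuffing from ordinary brute force against a single account, and the single success inside the flagged run is the account that needs attention first. A production exposed-credential check would use a slower hash and a private lookup protocol against the breach corpus; a plain SHA-256 set is used here only to show the comparison.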


Security beyond the holidays

As the holiday shopping season wraps up and the new year begins, organizations face threats that extend beyond seasonal patterns; regaining control of security and IT will be a key priority for 2024 and beyond. A new cloud model, the connectivity cloud, has emerged as a pivotal component of a robust network that connects and protects.

Cloudflare is the leading connectivity cloud company. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.


Dive deeper into this topic.

Learn more about how to protect your organization year round in the Connectivity cloud: A way to take back IT and security control ebook.



Key takeaways

After reading this article you will be able to understand:

  • Latest zero-day vulnerability impacting digital business

  • 3 persistent threats to safeguard against

  • How to regain control of security and IT year-round


