There was an exponential increase in HTTP (hypertext transfer protocol) distributed denial of service (DDoS) traffic in the third quarter this year, with attackers bombarding the gaming and gambling industries, according to Internet company Cloudflare.
DDoS attacks try to disrupt the availability of a website or application, and a newly uncovered HTTP/2 vulnerability has been used to launch DDoS attacks that far exceed previously recorded attacks, said the provider of content delivery network services.
This HTTP/2 request flood occurs when a high volume of illegitimate web requests overwhelms a web server’s ability to respond to legitimate client requests.
According to a recent Cloudflare report, the company had mitigated thousands of hyper-volumetric HTTP DDoS attacks, with 89 of them exceeding 100 million requests per second (rps) and the largest peaking at 201 million rps — a figure three times higher than the previous largest attack on record (71M rps).
The HTTP/2 campaign resulted in a 65 per cent increase in HTTP DDoS attack traffic in Q3 compared to the previous quarter.
Globally, Cloudflare found that the gaming and gambling industry experienced the largest volume of HTTP DDoS attack traffic, overtaking the cryptocurrency industry from last quarter.
However, in Asia-Pacific, the cryptocurrency industry remains the most attacked for the second consecutive quarter, with the gaming and gambling industry coming in second and third is the IT & Services sector.
When examining the total volume of attack traffic, the United States remains the main target of HTTP DDoS attacks. Almost 5 per cent of all HTTP DDoS attack traffic targeted the US, with Singapore having the second most attacks and China third.
Attacks in Asean
Cloudflare had more detailed insights into the Asean countries of Singapore, Thailand, Philippines and Indonesia as well.
Among these four countries, Cloudflare blocked an average of 5.4 billion cyber threats per day with Singapore as the target, a 26 per cent decrease from the previous quarter. This quarter had the highest daily average number of mitigated cyber threats this year.
The industries most targeted by cyberattacks in Singapore during the third quarter this year include cryptocurrency, computer software, banking, financial services and insurance (BFSI), retail, and IT & services.
For the attacks targeting the Philippines, Cloudflare blocked an average of 1.2 billion cyber threats per day , a 2 per cent decrease from the last quarter. The targeted top verticals include gaming and gambling, telecommunications, Internet, government administration, and BFSI.
Thailand saw a big jump in DDoS attacks. Cloudflare blocked an average of 942 million cyber threats per day targeting Thailand, a 342 per cent increase from the last quarter. The industries most targeted include gaming and gambling, retail, computer software, cryptocurrency, and telecommunications.
The recent wave of DDoS attacks shows no sign of abating. In Singapore, an attack earlier this month resulted in Web service outages of public hospitals and polyclinics.
While public healthcare and patient data was not compromised, the attack disrupted Internet connectivity to all public healthcare clusters in Singapore, and services like websites, e-mails and productivity tools for staff were not accessible.
Among the affected websites are those that belonged to Singapore General Hospital, National University Hospital and Tan Tock Seng Hospital.