Recently, we encountered a security incident for one of our major BFSI clients. This client was hit by a DDoS attack. The victim received an email the previous day asking them to either pay certain ransom amount or become the victim of this attack. The severity of the attack would increase if the victim did not pay the ransom money to the cyber-terrorist group. The victim was using a well-known Cloud Service Provider’s Network to host one of their static web application.

Modus Operandi

The attacker started off with intimating the client over the email and social media. To fake the ownership of the client’s website, the attacker bought a free tier server from Cloud Service Provider (CSP) and changed one of the DNS alias of their server to the client’s application which also was hosted on CSP and the client was using its CDN (Content Delivery Network) services. Now since they were present on the same network, it was difficult for CDS to detect any huge traffic inside their own network.

Loader.io serves as an online stress testing service. Initially, loader.io provides an agent that one needs to place on the server under the test to claim the ownership of the server. Once the agent is successfully placed and gets executed, one can schedule a load test from loader.io site which will then start sending out packets on a huge scale. The number of packets gradually increases over the period of time.