Denial of Wallet Attack

How Denial Of Wallet (DOW) Attacks Could Cost You Thousands

Everyone is aware of the threat of DDOS or DOS attacks - flooding your server with spurious requests until it becomes overwhelmed and your website becomes unavailable.

Increasingly, however, we are seeing something known as a Denial-of-Wallet attack. These attacks aim to artificially increase the costs of hosting and server utilization to a point where the client becomes financially exhausted, or a service becomes too expensive to use.

As companies have migrated to cloud infrastructure services such as Amazon and Google, the billing models have shifted from being simply maintenance-based - you pay for your servers and that's it - to pay-as-you-go, where your hosting automatically scales to usage. Cloud hosting is amazing for scalability, but a downside is that costs also increase as server usage does.

An attacker can exploit this by flooding a site or platform with excessive requests, forcing the environment to scale, which drives up costs.
These attacks can be very subtle. Some are leech attacks designed to slowly raise the volume of requests over time so they appear organic; others take advantage of things like e-mail blasts or other alerts to pile on to the requests in a way that's difficult to detect.

These attacks often make use of a variety of IPs, platforms, and networks simultaneously, making them difficult to detect.

It is possible to defend against these attacks - but it's not as straightforward as defending against a traditional DDOS attack given the subtle nature of these requests.
- Monitoring traffic patterns for anomalies is a good place to start.
- Proactive rate limiting against expensive functions can block the impacts of these attacks, or at least minimize them.
- Cost alerting on scalable services will flag spikes in billing, allowing you to implement preventative measures.
- AI is adept at detection and classification of malicious traffic, and can be utilized to distinguish and sort DOW traffic from normal utilization.
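
One way to rate limit expensive functions when requests arrive from many IPs at once is to meter cost units instead of request counts, and to add a budget shared by all clients. This is an added example, not code from the original article; the route names, cost weights and limits are constructed assumptions.

```python
import time

# Hypothetical relative cost per call for each route (constructed values).
ROUTE_COST = {"/search": 1, "/thumbnail": 5, "/report/pdf": 20}

class Bucket:
    """Token bucket whose tokens are cost units, not request counts."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), now

    def refill(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now

class CostLimiter:
    """Per-client budget plus one budget shared by all clients."""
    def __init__(self, client_rate, client_burst, shared_rate, shared_burst,
                 clock=time.monotonic):
        self.clock = clock
        self.client_rate, self.client_burst = client_rate, client_burst
        self.shared = Bucket(shared_rate, shared_burst, clock())
        self.clients = {}  # unbounded in this sketch; evict idle entries in real use

    def allow(self, client_id, route):
        cost, now = ROUTE_COST.get(route, 1), self.clock()
        bucket = self.clients.setdefault(
            client_id, Bucket(self.client_rate, self.client_burst, now))
        bucket.refill(now)
        self.shared.refill(now)
        # Refuse unless both budgets can pay, so a refused call spends nothing.
        if bucket.tokens < cost or self.shared.tokens < cost:
            return False
        bucket.tokens -= cost
        self.shared.tokens -= cost
        return True

def simulate_distributed_flood(clients=50, calls_each=2):
    """Constructed scenario: many sources, each staying under its own limit."""
    t = [0.0]  # frozen clock, so no refill happens during the burst
    limiter = CostLimiter(client_rate=1, client_burst=40,
                          shared_rate=10, shared_burst=200, clock=lambda: t[0])
    return sum(limiter.allow(f"client-{i}", "/report/pdf")
               for i in range(clients) for _ in range(calls_each))

if __name__ == "__main__":
    print(simulate_distributed_flood(), "of 100 expensive calls admitted")
```

In the simulation every client stays within its own limit, yet the shared budget admits only the first ten expensive calls; a per-client limit alone would have admitted all 100.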

If your hosting costs have increased without a commensurate increase in traffic, it is possible you are experiencing DOW activity.