Legitimate Users & Data-Tables mini DDoS Attacks
Hagay Onn (the Spot)
InnovatiOnn ■ AI Lectures, Art, Consulting & Development ■ SW Architecture, Design, Implementation & Optimizations (Cloud, Data Pipelines, Automations) ■ Former C++ & Java RT developer. Current: Python & JS dev.
Some of the new, millennial-era attack vectors involve the actions of inner (insider) or legitimate users. Such actions can be used to steal data from organizations, or to demand ransom after gaining control over crucial parts of their systems.
Other actions, less talked about, are used to maliciously slow down or exhaust a web service's resources. These attacks are like small-order DDoS attacks: they don't take the service down, but they make it slower for other users, or leave it available to fewer legitimate users, by trying to exhaust the DB connection pool or by hitting costly actions through the API. They usually fly under the radar of most cyber-defence platforms, since they don't look like real attacks. The main idea is to reduce the number of attacking machines needed by using legitimate, resource-consuming actions that, statistically, are not meant to happen all at once from many users, or by using them far more frequently than regular users do.
This kind of attack lets hackers, or competing companies, drive up the attacked organization's spending on the underlying resources it uses to serve what it believes are legitimate users.
Many web services and apps are built on an architecture similar to the one below:
From an attacker's point of view, there is no need to waste time attacking the front-end (FE) servers, which are load-balanced clusters that are easy to scale up and monitor, when the DB bottleneck can be slowed far more easily, sometimes from within. This attack vector behaves like a slow DDoS attack: it is usually not seen as an issue, it is hard to notice, and it drains your resources and revenue quietly, all the time!
For example, running complicated searches that use many SQL joins, many times in every interval, or starting a lot of movie downloads and cancelling them midway, can slow the service down. But... most companies are not even aware of this. That's why hackers and Blondes have more fun ;-)
Some Conclusions:
- User analytics is crucial, not only for increasing ad revenue/ROI and reducing costs, but for security as well. Suspicious users are relatively easy to trace by their repeated actions, which stand out far more than a normal user's.
- Use these analytics as much as possible, and build an automatic process that analyzes user actions from previous logs or other means; it can run separately and independently from the business platform.
- Analyse your DB request performance and try to reduce costly SQL events in the main user flows. Another option is to allow costly actions only to premium or privileged users (DB requests that move/delete collections, automatic scanners running every hour, etc.).
- Too many users are not always a good thing (especially when they are fake... ;-)
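As an added example (not part of the original post, and not a tool the author describes), the following Python script puts the last three conclusions into practice: it parses a constructed access log, weights each action by a hypothetical DB cost, flags users whose spend inside a one-minute window is far above the population median, and enforces a per-tier cost budget so that costly actions stay available only to premium users. The action names, cost weights, tier budgets and log lines are all constructed assumptions; in a real deployment the weights would come from measured query times.

```python
from collections import defaultdict
from statistics import median

# Hypothetical cost weight per action, in arbitrary "DB work" units.
# In a real system these would be derived from measured query/response times.
ACTION_COST = {
    "page_view": 1,
    "download_cancel": 1,
    "download_start": 3,
    "search_joined": 5,     # a search that fans out into many SQL joins
    "collection_move": 20,  # moving/deleting a whole collection
}

# Constructed sample access log: "<unix_ts> <user> <action>", one event per line.
# "mallory" repeats costly searches and start/cancel download cycles far more
# often than the other users do within the same minute.
SAMPLE_LOG = """
0  alice   page_view
2  alice   search_joined
3  bob     page_view
4  carol   page_view
5  mallory search_joined
6  mallory search_joined
7  mallory download_start
8  mallory download_cancel
9  bob     page_view
10 mallory search_joined
11 mallory search_joined
12 mallory download_start
13 mallory download_cancel
14 carol   search_joined
15 mallory search_joined
16 mallory search_joined
17 alice   page_view
18 mallory download_start
19 mallory download_cancel
20 bob     download_start
21 mallory search_joined
22 mallory search_joined
70 mallory search_joined
"""


def parse_log(text):
    """Turn the raw log text into (timestamp, user, action) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, action = line.split()
        events.append((int(ts), user, action))
    return events


def cost_per_user(events, window_start, window_len=60):
    """Sum the weighted cost of every action each user issued inside the window."""
    totals = defaultdict(int)
    for ts, user, action in events:
        if window_start <= ts < window_start + window_len:
            totals[user] += ACTION_COST.get(action, 1)
    return dict(totals)


def flag_outliers(totals, factor=4.0, min_cost=10):
    """Return users whose windowed cost is above an absolute floor AND more than
    `factor` times the population median. The median keeps the baseline robust
    against a single abusive user inflating the average."""
    if not totals:
        return []
    baseline = max(median(totals.values()), 1)
    return sorted(u for u, c in totals.items()
                  if c >= min_cost and c > factor * baseline)


class CostBudget:
    """Per-user cost budget per fixed window. A request is refused once its cost
    would push the user's spend in the current window over their tier's budget,
    so a 20-unit collection move never fits into a 15-unit free tier."""

    def __init__(self, budget_by_tier, window_len=60):
        self.budget_by_tier = budget_by_tier
        self.window_len = window_len
        self._spent = {}  # user -> [window_index, cost spent so far]

    def allow(self, user, tier, action, ts):
        cost = ACTION_COST.get(action, 1)
        window = ts // self.window_len
        entry = self._spent.get(user)
        if entry is None or entry[0] != window:
            entry = [window, 0]  # new window: reset the spend counter
            self._spent[user] = entry
        if entry[1] + cost > self.budget_by_tier[tier]:
            return False
        entry[1] += cost
        return True


if __name__ == "__main__":
    totals = cost_per_user(parse_log(SAMPLE_LOG), window_start=0)
    print("cost per user in the first minute:", totals)
    print("suspicious users:", flag_outliers(totals))
    budget = CostBudget({"free": 15, "premium": 100})
    print("free user, four joined searches in one minute:",
          [budget.allow("u1", "free", "search_joined", t) for t in range(4)])
```

The analysis half (`parse_log`, `cost_per_user`, `flag_outliers`) can run offline over yesterday's logs, independently of the serving platform, while `CostBudget` is the kind of check a request handler can apply inline before a costly query reaches the database.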
Have a great weekend!
Hagay Onn
- Comment below for any help or question
- Happily connecting: [email protected]
- Follow me on Facebook, Twitter, or Instagram