Incident Report 121321 - Service Interruption
Summary of Report
On December 13, 2021, our production system was impacted by what was eventually diagnosed as a Distributed Denial of Service (DDOS) attack, causing partial or total unavailability of the web app service in the US commercial region. After an extensive troubleshooting procedure, we identified a possible vulnerability in the VIDIZMO caching service that caused the web app to become unresponsive.
| ID | Problem Identification |
|---|---|
| DDOS-01 | Distributed Denial of Service (DDOS) |
Scope of Impact
The following resource was affected:
- Production systems in US region (commercial environment)
Tools Used
The following tools were used for root cause analysis:
| Tool | Description |
|---|---|
| NMAP | Nmap is a free and open-source network scanner |
| Wireshark | Wireshark is a free and open-source packet analyzer |
| WINDBG | WinDbg is a multipurpose debugger for the Microsoft Windows computer operating system |
Line of Action - Associated Timelines
The following table details the timeline for resolution and restoration of services.
| ID | Problem Identification | Identification Date | Incident Resolution Date (Start to End) |
|---|---|---|---|
| DDOS-01 | Distributed Denial of Service (DDOS) | Dec 13, 2021 | Dec 13, 2021 - Dec 14, 2021 |
Remediation Procedure
Below are the details of the actions performed to restore web services.
| Problem Identification | DDOS-01 - Distributed Denial of Service (DDOS) |
|---|---|
| Remediation Action | A patch update was installed to resolve the issue and restore services. |
| Threat Mitigation and Future Plan | Our anti-DDOS security systems are active 24/7/365. We're closely monitoring the web app service to protect against such attacks in the future. |