
Incident Report 121321 - Service Interruption

Summary of Report

On December 13, 2021, our production system was impacted by what was eventually diagnosed as a Distributed Denial of Service (DDOS) attack, causing partial or total unavailability of the web app service in the US commercial region. After an extensive troubleshooting procedure, we identified a possible vulnerability in the VIDIZMO caching service that caused the web app to become unresponsive.

| ID | Problem Identification |
|---|---|
| DDOS-01 | Distributed Denial of Service (DDOS) |

Scope of Impact

The following resource was affected:

  • Production systems in the US region (commercial environment)

Used Tools

The following tools were used for root cause analysis:

| Tool | Description |
|---|---|
| NMAP | Nmap is a free and open-source network scanner |
| Wireshark | Wireshark is a free and open-source packet analyzer |
| WINDBG | WinDbg is a multipurpose debugger for the Microsoft Windows computer operating system |

Line of Action - Associated Timelines

The following table provides details about the timeline for resolution/restoration of services.

| ID | Problem Identification | Identification Date | Incident Resolution Date (Start to End) |
|---|---|---|---|
| DDOS-01 | Distributed Denial of Service (DDOS) | Dec 13, 2021 | Dec 13, 2021 - Dec 14, 2021 |

Remediation Procedure

Below are the details of the actions performed to restore web services.

Problem Identification: DDOS-01 - Distributed Denial of Service (DDOS)

Remediation Action: A patch update was installed to resolve the issue and restore services.

Threat Mitigation and Future Plan: Our anti-DDOS security systems are active 24/7/365. We're closely monitoring the web app service to protect against such attacks in the future.