A distributed botnet (from multiple IPs) is hitting one of our websites and is creating new accounts at a rate of 4 per second.
- Each hour 15k new accounts are created
- Usernames contain unusual ‘fiction-based’ text (e.g. text taken from books)
- Each new account has some impact on the back-end because of automated actions and workflows (e.g. auto-creation of albums and insertion into CRM tools)
Objective: Understand and contain issue(s) without any pushes to production
You can use any technology you want (ideally ones you have experience with) and any Group Security team size.
- Describe what you would do and how you would act (ideally in diagram format)
- Who would you talk to?
- What actions would you take to contain and remediate the issue(s)?
Resources and Technologies available:
- Techops, Webops, and Dev teams
- Slack, Jira, Confluence, ELK, Grafana, Nagios, Akamai, AWS, Cisco Firewalls, Landeks, and DarkTrace
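As an added example that is not part of the challenge text, the two checks a responder would run first over signup logs exported from ELK: is the signup rate above a normal baseline, and is the traffic spread so thinly across source IPs that per-IP blocking at the edge (Akamai or the Cisco firewalls) cannot contain it on its own. The log format, timestamps, IPs and thresholds are all constructed assumptions.

```python
"""Signup-burst triage over constructed log lines (assumed format: ts ip action user=name)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 5, 1, 10, 0, 0)  # constructed timestamp base


def make_sample_log():
    """Constructed sample: a botnet creating 4 accounts/s from 10 IPs, plus two normal users."""
    lines = []
    for i in range(40):
        ts = BASE + timedelta(seconds=i // 4)   # four signups land in every second
        ip = f"203.0.113.{i % 10}"              # rotates across 10 documentation-range IPs
        lines.append(f"{ts.isoformat()} {ip} signup user=bot{i}")
    lines.append(f"{(BASE + timedelta(seconds=3)).isoformat()} 198.51.100.20 signup user=alice")
    lines.append(f"{(BASE + timedelta(seconds=60)).isoformat()} 198.51.100.21 signup user=bob")
    return lines


def parse(line):
    ts, ip, _action, user = line.split()
    return datetime.fromisoformat(ts), ip, user.split("=", 1)[1]


def detect_signup_burst(lines, max_per_sec=1, min_per_ip=2, max_ip_share=0.5):
    """Return (burst_seconds, ips_to_rate_limit, distributed).

    burst_seconds: seconds whose signup count exceeds max_per_sec (assumed baseline).
    ips_to_rate_limit: IPs with at least min_per_ip signups inside burst seconds; the
        minimum keeps a single legitimate signup that happens during the burst out of the list.
    distributed: True when no single IP accounts for more than max_ip_share of burst
        signups, meaning a per-IP block list alone will not contain the activity.
    """
    per_sec = defaultdict(list)
    for line in lines:
        ts, ip, _user = parse(line)
        per_sec[ts.replace(microsecond=0)].append(ip)
    burst = {sec: ips for sec, ips in per_sec.items() if len(ips) > max_per_sec}
    ip_counts = Counter(ip for ips in burst.values() for ip in ips)
    total = sum(ip_counts.values())
    distributed = bool(total) and max(ip_counts.values()) / total <= max_ip_share
    suspects = sorted(ip for ip, n in ip_counts.items() if n >= min_per_ip)
    return sorted(burst), suspects, distributed


if __name__ == "__main__":
    seconds, ips, spread = detect_signup_burst(make_sample_log())
    print(f"{len(seconds)} burst seconds, {len(ips)} IPs to rate-limit, distributed={spread}")
```

When `distributed` comes back True, the containment conversation with Webops and Techops shifts from IP blocking to an edge rate limit or challenge on the signup endpoint, which needs no production push.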