Cyber accountability
Who is accountable, and why?
A cloud service provider offers various services such as Software as a Service (SaaS), which operates over the internet. For example, users can access an application like Salesforce without needing to install it directly on their local computers. Instead, the application is hosted in the cloud, allowing users to visualize data reports and perform tasks from any location while keeping HR and personal systems as secure as possible within a data center environment.
In February 2020, a major cloud provider experienced a Distributed Denial of Service (DDoS) attack that reached a peak volume of 2.3 Tbps (terabits per second). This unit measures the amount of data transmitted every second and is typically used to express bandwidth or internet speed. You can read more about this concept here: "What is Bandwidth and How Does it Correlate to Data Rate and Data Throughput".
This DDoS attack is considered one of the largest in history. However, limited details have been released about the incident—no information regarding the target, the origin of the attack, or specific insights into the involvement of "bad bots" and application vulnerabilities.
A major cloud provider offers services ranging from Development as a Service (DaaS) to storage solutions and a vast marketplace that handles sensitive customer transactions. Despite its scale, several questions remain unanswered about the incident:
- 2.3 Tbps peak attack volume: Does this mean the attackers managed to overwhelm the servers with such high bandwidth? If so, how were they able to generate such an enormous amount of bandwidth?
- Bad bots: Were these bots operational and left unpatched, or were they not effectively blocked from the network?
- Application vulnerabilities: Were these issues related to in-house applications or third-party connectors? Which applications were vulnerable, and why?
- Timeline: The only detail provided is February 2020. Was this the start of the DDoS attack, or was it when the issue was resolved?
- No attackers identified: No mention of perpetrators or legal actions, leaving a gap in accountability.
Understanding these specifics would help cybersecurity professionals analyze what went wrong, document the findings, strengthen playbooks, and proactively monitor for warning signs in similar situations. The lack of transparency suggests the cloud provider may have resolved the issue, but without sharing lessons learned or corrective actions, it erodes consumer trust. As a cybersecurity professional and a concerned customer, I find it troubling that such a significant event has not been properly addressed or explained.