Denial of Wallet is an attack that typically targets cloud-based applications and micro-services with the end goal of driving resource utilization far beyond the allocated budget, resulting in an application denial of service. Using the application business logic such as account login, new account creation, shopping cart, or comments, these attacks will generate a massive spike in the number of requests to initiate an application scaling event that in turn, results in the deployment of more CPUs, memory, storage, and other supporting IaaS elements (e.g., WAF, load balancing, logging). The spike in service usage results in an unexpected billing increase at the end of the month.
Denial of wallet results in resource overutilization and application instability
Denial of Wallet can target any industry with the goal of inflicting monetary damage while rendering the application unusable – an application level denial of service. In some cases, Denial of Wallet is a secondary result brought on by the over consumption of cloud resources for the purposes of harvesting bitcoin, executing automated attacks or other malicious activity.