
Cybersecurity start-up CloudSEK hit by DDoS attack for nearly a week

Last year, CloudSEK faced another cyber attack, in which an employee's Jira password was compromised to gain access to the company's Confluence pages

June 08, 2023 / 20:23 IST
CloudSEK leverages Artificial Intelligence and Machine Learning to combat cyber threats.

For nearly a week, cybersecurity start-up CloudSEK was hit by a barrage of distributed denial of service (DDoS) attacks, a type of cyber attack in which threat actors flood a website with traffic and crash its servers so that users cannot access it.

Rahul Sasi, CloudSEK's CEO and founder, claims that the recent cyber attack, which started on May 31, was "probably retaliation" for research the company published the same day on SpinOk, malware that allegedly compromised 101 apps on the Google Play Store.

Moneycontrol has not been able to independently verify the claim, and CloudSEK admits that there is no direct evidence to support it.

"Within 72 hours, we were hit with over 1.62 Billion requests, which served 4TB traffic. Over 6.38 Million distinct IP addresses were identified as sources of the attack. And this is something we have never seen before," a blog by the start-up said.

CloudSEK said that it detected a consistent pattern indicating that a significant portion of the attack originated from Android emulators. An Android emulator is a software application that allows a PC to imitate the features of an Android device.

"Based on this, we assume that the attackers are attributed to our recent discovery of a highly alarming supply chain attack targeting millions of Android users. Based on our research google took down dozens of apps that were infected by this group," Sasi said in a LinkedIn post on June 8.

"A noteworthy aspect of this DDoS attack was the diverse geographical origin of the malicious traffic. Notably, a significant portion of the traffic originated from India, accounting for a majority of the total requests followed by Pakistan, Nepal, Bangladesh and the UAE. This broad international distribution of attack sources further complicated the defence and mitigation efforts for CloudSEK," the blog further explained.

In their May 31 research, CloudSEK researchers found 101 compromised apps containing the SpinOk Android malware, which is distributed as an advertisement software development kit (SDK).

"More worryingly, 43 of these apps are still active on the Play Store, some with 5+ million downloads. In total, we estimate 30 million users to be affected by this additional set of apps," the start-up said in their research paper.

"The Android.Spy.SpinOk virus detects hidden spyware in marketing modules and the apps they're embedded in. It collects files from Android devices and transfers them to attackers, and can also manipulate clipboard contents," it added.

Founded by Sasi in 2015, the start-up raised $7 million in Series A funding led by MassMutual Ventures in 2021.

Last year, CloudSEK faced another cyber attack, in which an employee's Jira password was compromised to gain access to the company's Confluence pages.

The company disclosed that the leaked Jira credentials gave the threat actor access to training and internal documents, and to VPN and endpoint IP addresses, which are accessible with VPN configuration.

"CloudSEK doesn’t store critical information about their customers. CloudSEK is a SaaS company whose products leverage public data to provide external threat intelligence in the form of initial access vectors and TTPs. No data from this breach can be used to launch supply chain attacks on customers," the company had clarified.

Moneycontrol News
first published: Jun 7, 2023 05:12 pm
