Over the past two weeks, Doxy.me was under a sophisticated Denial of Service attack (DOS). This attack was partially successful at peak times in preventing our legitimate customers and their patients' access to the website. We have undergone some significant infrastructure improvements to better detect, respond, and defend against such attacks in the future. We have no evidence to suggest this attack was trying to steal data from Doxy.me customers or their patients and was most likely a plot to harm the Doxy.me reputation. Continue reading for a detailed breakdown of the events and enhancements.
DOS attacks are the most common type of attack that online companies and services encounter. Doxy.me has seen similar instances in the past, but none have been successful until October 2nd, 2019. When this attack first started, it presented differently as it appeared to some extent as legitimate traffic and made the Doxy.me technical team believe it was an internal problem with the Doxy.me system, and not some actions from an external party.
As time went by, and the Doxy.me team began digging into system improvements, another attack occurred on October 8th, 2019. Again, the attack presented as legitimate traffic and led the technical side within Doxy.me to believe it was a problem with the Doxy.me system. The team took quick action to "repair" and make changes to our infrastructure to prevent a similar "problem" in the future.
On October 10th, 2019, when another attack started ramping up, it was clear that this was not a problem within the Doxy.me system but an attack from an outside actor. The technical team within Doxy.me was then able to identify the assault and its methods and put temporary but effective measures in place to stop the attack.
Over the past few days, the Doxy.me team has made several substantial changes to our infrastructure and network to detect and prevent similar problems in the future. The improvements include improved web application firewalls to automatically detect and block application-layer vulnerabilities at the network level; rate limiting to protect crucial resources by providing fine-grained control to prevent or qualify visitors with suspicious request rates; enhanced servers and internal resources; as well as some policy and procedure changes.
While we believe these changes to be material, there is more work to be done. And we'll be keeping an eye on our traffic over the coming week to see how our changes can fend off this attack and others like it.
At this time, we have no evidence to suggest this person or group was trying to "hack" or steal data from the Doxy.me system. It appears to be a targeted and sophisticated attempt to harm our customers' businesses and the Doxy.me reputation. This DOS attack was most likely orchestrated by a competitor or someone who plans to announce a similar service soon and would like to try to entice customers away from our "unreliable" system and onto theirs. This tactic is an unfortunate reality of online services, as 12% of businesses are confident that their competition initiated a DoS attack.
We appreciate your continued support and patronage and look forward to bringing more security enhancements and innovations to the Doxy.me platform over the next few months.