Last updated: April 29, 2026
Why this module exists. Modern cloud architectures auto-scale. Auto-scaling means an attacker who can drive load can drive your bill — to bankruptcy levels — without taking the service down. The 2020-2024 wave of “DenialOfWallet” attacks demonstrated that autoscaling without circuit breakers is a financial DoS. Indian SaaS, especially YC-funded startups with low cash runway, are highly exposed.
How autoscaling becomes a weapon
Your serverless function executes 1ms-100ms each. Your Lambda cost is fractions of a paisa per invocation. Throughput limit: thousands of concurrent invocations.
Attacker generates 100M invocations over 24 hours. Total cost: ₹3,000-30,000. Their cost: ~₹50 of botnet rental. Their incentive: extortion, vendetta, or just to watch.
For services with bandwidth costs (CloudFront egress, S3 GET, RDS data transfer): even simpler. Each request is HTTP-cheap; egress is paid in GB. Drive 10TB of egress = $900 (at AWS prices). Drive 100TB = $9,000. Sustained over a month = $270K.
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.