Significant Increase in Malicious Traffic Successfully Mitigated

WAYSCLOUD-TR-2026-0021 | Security Report | low | Resolved
Published: 2026-06-03 15:59:10 UTC Updated: 2026-06-03 20:01:00 UTC

Summary

WAYSCloud detected and mitigated 406,171 attack attempts from 205,461 unique sources within a one-hour period, consistent with a coordinated, botnet-like distributed denial-of-service (DDoS) attack, followed by a renewed wave in the second hour.

The exceptional traffic volume directed at our edge layer caused temporary degraded responsiveness in the customer dashboard and APIs. Traffic has since fallen considerably and services are returning to normal. There is no indication of any security breach, customer data exposure or infrastructure compromise, and underlying customer workloads remained unaffected.

Attack and abuse telemetry over the observed one-hour period — 406,171 attempts from 205,461 unique sources across 211 countries and territories.

What Happened

Our monitoring systems detected a substantial increase in hostile and unwanted Internet traffic directed at WAYSCloud infrastructure.

While public-facing cloud services continuously receive automated scans and abuse attempts, the observed activity represents a notable deviation from our normal baseline and warrants public disclosure in the interest of transparency.

During the observed one-hour period:

  • 406,171 attack and abuse attempts detected
  • 205,461 unique source addresses observed
  • Activity originating from 211 countries and territories
  • No confirmed impact on customer services or availability

The activity consists primarily of automated scanning, probing, credential attacks and other forms of abusive traffic targeting Internet-facing systems.

Based on the volume, distribution and rate of activity, our current assessment is that the traffic appears coordinated or botnet-like in nature. No attribution has been made, and investigations remain ongoing.

Importantly, the observed traffic has been detected, classified and mitigated by multiple defensive layers before reaching critical systems.

Impact

At this time:

  • No customer accounts have been compromised
  • No customer data exposure has been identified
  • No security breach or infrastructure compromise has been identified
  • Core infrastructure remained operational throughout the event
  • Detection and mitigation systems performed as expected

At its peak, the exceptional traffic volume directed at our edge layer caused temporary degraded responsiveness (slowness) in the customer dashboard and APIs. As the attack has subsided, this latency is easing and services are returning to normal. Underlying customer workloads and data remained unaffected throughout.

Actions Taken

Upon detection of the increased activity, WAYSCloud initiated enhanced monitoring across network, application and authentication layers.

Additional telemetry collection and analysis have been enabled to better understand the nature and scope of the activity, while existing mitigation controls continue operating normally.

The observed event volume is significantly above our typical baseline. However, the activity is currently being successfully identified and filtered before it can affect customer-facing services.

As a result of the unusually high event volume, certain non-critical visualisation and reporting components may experience delayed updates while processing telemetry data. This does not affect detection, mitigation, monitoring or protection capabilities.

Current Status

This incident is resolved. Traffic has returned to normal baseline levels and all customer-facing services, including the customer dashboard and APIs, are operating normally.

No security breach or customer data exposure occurred at any point. WAYSCloud will continue routine monitoring of the service.

Timeline

Jun 3, 2026, 18:24 UTC
Action Taken
Over the past hour we have observed a further 22% increase in malicious traffic volume. The scale and rate of the activity are consistent with a significant distributed denial-of-service (DDoS) attack directed at our nodes. Mitigation is actively underway to suppress the attack and minimise disruption to customer-facing services. Core infrastructure remains operational, and we will continue to post updates as the situation develops.

Jun 3, 2026, 19:03 UTC
Action Taken
We are currently experiencing degraded performance (slowness) in the customer dashboard and APIs. This is primarily driven by the extreme volume of data hitting the company's edge layer, rather than any direct impact on customers. We are actively working to reduce the load and restore normal responsiveness.

Jun 3, 2026, 19:14 UTC
Monitoring
The attack has now been suppressed, both through WAYSCloud's mitigation measures and as the originating actor(s) wound down their activity. The event was characterised by an extreme peak during the first hour and a renewed wave in the second hour. Traffic volume has since fallen considerably and customer-facing services, including the dashboard and APIs, are returning to normal responsiveness. No security breach or customer data exposure was identified at any stage. We are continuing to monitor the service closely.

Jun 3, 2026, 20:01 UTC
Resolved
This incident is now resolved. Traffic has returned to normal baseline levels, and the customer dashboard and APIs are operating with normal responsiveness. No security breach, customer data exposure or infrastructure compromise occurred at any stage, and WAYSCloud's defensive systems performed as intended throughout. We thank customers for their patience and will continue routine monitoring of the service.