In the great big world of IT (Information Technology), cybersecurity has always been interesting, and it gets more so with every new technology or model that pops up.

Unless you've been living under a rock, or in an underground bunker, chances are you have heard about the cloud and all the wonders it has to offer to make your life, and even your business, flow a little easier. However, in a landscape where you have access to a monolith of services and your choice of pay models, something looms in the midst of it all.

Whatever pay model you choose, you may be offering the same choice to an unwanted guest. Don't know what I mean? Let me script it for you.

Cloud from Underground

For those who finally came out from underneath that rock or finally believe the air is breathable and things in America and around the world are getting better, I welcome you. Let me give you this quick overview of the cloud and all its glory, all hail Hydra- I mean the mighty cloud.

The cloud, better known as cloud computing, is a massive network of distributed services. Housing and examining big data, building applications in ready-made environments, and creating automation to execute certain tasks are some of the things you can do in a cloud.

The list of what you can do goes on without end, and it's still expanding. As far as providers go, you have the big three, and yes, this will be biased, so be prepared to disagree, which you're welcome to do. They are AWS (Amazon Web Services), Google Cloud, and Azure from Microsoft. What about IBM's cloud, you ask? Simple, IBM and I don't talk, AWS all the way baby.

Back on point: the cloud offers serverless computing, an execution model where the CSP (cloud service provider) puts together machine resources on demand, on behalf of the customer.

So, in short, the term serverless doesn’t actually mean there aren’t any servers, serverless means that all of the backend infrastructure is handled by the vendor. For all of you who came out of a bunker, you can go back in now, things haven’t gotten any better.

Denial of a Panic

So, why is this important? How does this information benefit you? Again, you’re offered a pay-as-you-use model for a lot of services. This means attackers have more options when it comes to performing an attack.

DoS (Denial of Service) or DDoS (Distributed Denial of Service) are events where someone is trying to access a website but can’t because the website’s servers are being overwhelmed by traffic from zombies (slave bots).

This is a somewhat normal event, and SOC (Security Operations Center) teams are prepared, for the most part, to deal with them. However, with the addition of the cloud, things have become more complex.

The new challenger is called DoW (Denial of Wallet). And before you ask, yes, I'll tell you what's in your wallet when this attack is done.

Wallets Racking Up Prices

As mentioned before, a DoS/DDoS means losing access to a resource like a website because the server is being overwhelmed by traffic. DoW works similarly, but the difference is that you run out of money to request resources and services in the cloud.

An attacker can gain access to your account in a variety of ways, and once in, they can begin to rack up charges in your name or your business's name. This works because to use or have access to a cloud, a credit card must be on file to charge.

Once the card on file reaches its limit and money can no longer be drawn for services, resources are stopped until the bill is paid. Here's some small math for you: let's say you were using a server that costs $0.10 per minute to run, and you have it scheduled to run during business hours, five days a week. $240.00 USD in a week isn't a problem because you may have that amount on hand.

However, your account gets hacked and the attacker changes the server schedule to run every hour, including the weekends, changing that $240.00 to $1,008.00 USD in the first week. But not only that, other resources were added and set to run every hour, including the weekends. Money runs out quickly in the cloud when you're hacked and not paying attention. Just when you thought the sky was the limit.

Accounting for the Root

At this juncture, you're probably sitting at your computer wondering how you can avoid seeing another bill you either can't or simply don't want to pay sneaking its way into your email. Well, I have some good news: it comes down to following best practices when setting up your or someone else's cloud.

Always set up a general account, and do not, for the love of Sam Smith's Unholy, use the root account, because if that account gets hacked, you can kiss your cloud goodbye.

For those who might not know why not to use the root account, it's like using the admin account on your computer: if someone gains access to it, they can do whatever they want since it's the highest level of privilege. And if you set up someone's cloud and the only account is the root, well, needless to say, unemployment is in your future. That's cloud 101 and you should know better.

Shaming aside, using multifactor authentication adds another layer of security for accounts. The most important action to take is setting up a budget with multiple avenues to reach you, like emails and text messages, as this will alert you when you are approaching the limit for your budget.

Checking in periodically on billing and usage, along with checking logs, could see you better off, as this helps to keep you alert as well. It's great to have your head in the cloud, but fending off unwanted bills can help keep you grounded and employed.
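
Those last two tips (a budget that alerts you early, plus regular billing and usage checks) as an added example, not code from the original post: it replays the $0.10-per-minute server from the math above through threshold alerts and a schedule check. The 9-to-5 hours, the 50/80/100% alert points, and all function and resource names are assumptions, and the billing rows are constructed.

```python
# Added example: constructed data, hypothetical names throughout.
RATE_CENTS_PER_MIN = 10         # the post's $0.10 per minute
WEEKLY_BUDGET_CENTS = 24_000    # the post's $240.00 normal week
ALERT_PERCENTS = (50, 80, 100)  # assumed alert points, not from the post
WORK_DAYS, WORK_HOURS = range(5), range(9, 17)  # assumed 9-to-5, five days


def build_usage(days, hours, resource="server-1"):
    """Constructed billing rows: (day, hour, resource, minutes_run)."""
    return [(d, h, resource, 60) for d in days for h in hours]


def weekly_cost(usage):
    """Total cost in USD for a list of billing rows."""
    return sum(row[3] for row in usage) * RATE_CENTS_PER_MIN / 100


def budget_alerts(usage, budget=WEEKLY_BUDGET_CENTS, percents=ALERT_PERCENTS):
    """Return (percent, day, hour) for each threshold the running spend crosses."""
    alerts, spent, pending = [], 0, sorted(percents)
    for day, hour, _resource, minutes in sorted(usage):
        spent += minutes * RATE_CENTS_PER_MIN
        # Integer math in cents avoids float rounding at the threshold.
        while pending and spent * 100 >= budget * pending[0]:
            alerts.append((pending.pop(0), day, hour))
    return alerts


def off_schedule(usage, known=("server-1",)):
    """Rows outside the approved schedule or from a resource nobody approved."""
    return [r for r in usage
            if r[0] not in WORK_DAYS or r[1] not in WORK_HOURS or r[2] not in known]


if __name__ == "__main__":
    normal = build_usage(WORK_DAYS, WORK_HOURS)
    hacked = build_usage(range(7), range(24))
    print("normal week:", weekly_cost(normal), "hacked week:", weekly_cost(hacked))
    for pct, day, hour in budget_alerts(hacked):
        print(f"ALERT {pct}% of weekly budget reached on day {day}, hour {hour}")
    print("off-schedule rows to investigate:", len(off_schedule(hacked)))
```

On the hacked schedule the whole week's budget is gone by the afternoon of the second day, which is why the 50% and 80% alerts are the ones that buy you time.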


Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

I would like to give sincere thanks to current followers and subscribers; your support and actions mean a lot and play a part in the creation of each script.

Did you have a time where you may have encountered a DoS situation? Script about it below.

