Following on the retail win posted previously, this week’s win is a clothing and home décor retailer that had an account takeover (ATO)/credential validation challenge that their incumbent solution was unable to address. Bad actors were targeting the APIs supporting both their web and mobile logins and successfully executing ATOs. Once an account was taken over, it was either used to commit fraud or sold to other bad actors for their own use. At one point, the incumbent’s efficacy was so low that the customer was forced to block large swaths of IP addresses that included both the attackers and legitimate shoppers, resulting in user frustration.
The Search Was On
When the decision was made to move to a new vendor, the customer used their past experience to frame the key requirements to support their dynamic environment:
- Bot mitigation should be deployed near their cloud-based applications, at the edge, as opposed to their AWS environment.
- The customer wanted to minimize or eliminate infrastructure and mobile application integration requirements, which had limited the customer’s ability to rapidly deploy new applications.
- Access to attack campaign information and the ability to export that data to other systems for a centralized view was critical.
During the initial conversations with Cequence, it appeared that the customer requirements were easily met; however, speed was of the essence, as the customer wanted deployment before the holidays. Cequence Bot Defense SaaS was deployed in a matter of hours, requiring only a traffic redirect from Amazon CloudFront to Bot Defense SaaS for analysis, then on to the application origin.
Working closely with the CQ Prime threat research team, several significant attack campaigns were uncovered:
- A large ATO attack on the web login application that represented 35% of the total traffic at more than 1.5 million attack requests, averaging 200 requests per minute and distributed across more than 220,000 IP addresses.
- An ATO attack on the mobile login represented 98% of the traffic over a 2 day period with more than 1.5 million requests distributed across 1,200 IPs at a rate of about 1,000 requests per minute.
- A “low and slow” ATO was also observed on the mobile login with an average of 6 requests per minute distributed across a mere 50 IP addresses.
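The three campaigns above differ mainly in request rate and IP spread: one high-volume campaign spread across hundreds of thousands of addresses, one high-rate campaign on a smaller IP pool, and one that stays under a handful of requests per minute. The following script is an added illustration, not Cequence's code or the customer's data: it groups login requests by endpoint, computes request rate per minute, distinct-IP spread, failure ratio and traffic share, and labels the volumetric/distributed and "low and slow" patterns. The log format, the endpoint paths, the thresholds and the generated traffic are all constructed for the example and would need tuning against real traffic.

```python
"""Per-endpoint login traffic profiling to flag ATO-style campaigns.

Hypothetical detection logic written for illustration (not a vendor's
product). Input records are space-separated lines of the constructed form:
    <iso-8601 timestamp> <endpoint> <client ip> <ok|fail>
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    endpoint: str
    ip: str
    success: bool


def parse_line(line: str) -> LoginEvent:
    """Parse one constructed log record into a LoginEvent."""
    ts, endpoint, ip, result = line.split()
    stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return LoginEvent(stamp, endpoint, ip, result == "ok")


def summarize(events):
    """Return per-endpoint counters: requests, distinct IPs, failure ratio,
    requests per active minute and share of total traffic."""
    per = defaultdict(lambda: {"requests": 0, "ips": set(), "failures": 0, "minutes": set()})
    total = len(events)
    for e in events:
        s = per[e.endpoint]
        s["requests"] += 1
        s["ips"].add(e.ip)
        s["failures"] += 0 if e.success else 1
        s["minutes"].add(e.ts.replace(second=0, microsecond=0))
    return {
        ep: {
            "requests": s["requests"],
            "distinct_ips": len(s["ips"]),
            "failure_ratio": s["failures"] / s["requests"],
            "rate_per_min": s["requests"] / len(s["minutes"]),
            "traffic_share": s["requests"] / total,
        }
        for ep, s in per.items()
    }


def classify(stats, *, volumetric_rate=100.0, spread_ips=100, slow_rate_max=10.0, fail_ratio=0.9):
    """Label endpoints whose traffic looks like credential validation.

    Thresholds are illustrative placeholders; a real deployment derives them
    from the site's own baseline and adds per-IP and per-account views."""
    labels = {}
    for ep, s in stats.items():
        if s["failure_ratio"] < fail_ratio:
            continue  # mostly successful logins: not a credential-validation pattern
        if s["rate_per_min"] >= volumetric_rate and s["distinct_ips"] >= spread_ips:
            labels[ep] = "volumetric-distributed-ato"
        elif s["rate_per_min"] <= slow_rate_max:
            labels[ep] = "low-and-slow-ato"
    return labels


def build_sample():
    """Constructed traffic (not the post's figures): a 200 req/min campaign from
    600 IPs on the web login, a 6 req/min campaign from 9 IPs on the mobile
    login, and a trickle of legitimate successful web logins."""
    t0 = datetime(2023, 11, 1, 10, 0, tzinfo=timezone.utc)
    lines = []
    for m in range(3):  # three active minutes
        for k in range(200):  # volumetric campaign, one fresh IP per request
            n = m * 200 + k
            ts = (t0 + timedelta(minutes=m, seconds=k % 60)).isoformat()
            lines.append(f"{ts} /api/web/login 10.0.{n // 256}.{n % 256} fail")
        for k in range(6):  # low-and-slow campaign rotating through 9 IPs
            ts = (t0 + timedelta(minutes=m, seconds=k * 9)).isoformat()
            lines.append(f"{ts} /api/mobile/login 203.0.113.{(m * 6 + k) % 9} fail")
        for k in range(5):  # legitimate shoppers logging in successfully
            ts = (t0 + timedelta(minutes=m, seconds=k * 11)).isoformat()
            lines.append(f"{ts} /api/web/login 192.0.2.{m * 5 + k} ok")
    return lines


if __name__ == "__main__":
    stats = summarize([parse_line(line) for line in build_sample()])
    for ep, s in stats.items():
        print(f"{ep}: {s['requests']} req, {s['distinct_ips']} IPs, "
              f"{s['rate_per_min']:.0f}/min, fail={s['failure_ratio']:.2f}, "
              f"share={s['traffic_share']:.1%}")
    print(classify(stats))
```

Because the web login carries both the campaign and a few legitimate logins, the endpoint-level failure ratio stays high enough to flag it; in practice the same counters are kept per source IP and per target account as well, so that a distributed campaign is not masked by the legitimate traffic sharing the endpoint.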
The final PoC requirement, exporting the Bot Defense findings and results to the customer’s centralized dashboard, was easily met using the standard set of APIs that enables data to be exported to external systems, thereby enhancing the organization’s collective security posture.
No Additional Vendor Analysis Needed
The evaluation of Bot Defense was both rapid and successful – so much so that the customer chose to halt any further evaluation of other bot mitigation vendors. The next steps were licensing, threat hunting training with the CQ Prime threat research team, and ramping up to full production to be ready for the holidays.
Learn more about how Bot Defense sets itself apart from other, first-generation bot mitigation alternatives here.
The post Tales from the Front Lines: Retailer Prepares for Holiday Bot Battle in a Matter of Weeks appeared first on Cequence.
*** This is a Security Bloggers Network syndicated blog from Cequence authored by Matt Keil. Read the original post at: https://www.cequence.ai/blog/tales-from-the-front-lines-retailer-prepares-for-holiday-bot-battle-in-a-matter-of-weeks/