
Detecting noise in canvas fingerprinting
In a previous blog post, we talked about canvas fingerprinting, a technique commonly used to detect fraudsters and bots. In this post we'll go deeper on how fraudsters can forge or create fake canvas fingerprints to stay under the radar for typical device fingerprinting techniques. Plus cover some ...

The role of WebGL renderer in browser fingerprinting
Browser fingerprinting leverages different JavaScript attributes related to the user's device, OS, and browser. When it comes to bot detection, fingerprints can be used as a signature to block attackers, even if they delete their session cookies. Bot detection engines also verify the values of different attributes to ...

Anatomy of a 4-day mobile app credential stuffing attack
In this article, we cover the details of a distributed credential-stuffing attack that targeted the mobile application of a major US on-demand staffing company. By the end of the bot attack, which lasted 4 days, Castle blocked more than 558K malicious login attempts. Credential stuffing attack metrics. Date: from December ...

How bots and fraudsters exploit free tiers in AI SaaS
The latest wave of artificial intelligence (AI) advances significantly improved the quality of models for image and text generation. Several companies, such as OpenAI (ChatGPT) and Claude, provide services, often in the form of software as a service (SaaS), that make it easy for users to interact with these AI ...

How bots and fraudsters exploit video games with credential stuffing
If you spend time on video game forums, you might have noticed posts from users discussing their accounts being hacked or stolen, often mentioning the loss of games or items linked to their accounts. At Castle, we know these incidents are often caused by credential-stuffing attacks, where bots exploit reused ...

Open Bullet 2: The Preferred Credential Stuffing Tool for Bots
Open Bullet 2 is open-source software specialized in credential stuffing attacks, i.e. attacks that use bots to steal user accounts at scale by automatically testing stolen credentials found in data breaches. It can target both websites and mobile applications. When it comes to credential-stuffing attacks, Open Bullet ...

Canvas fingerprinting in the wild
Every day, your computer renders dozens of these without you even noticing. Strange patterns, colorful shapes, and emojis: what do you think these are? These are canvas fingerprints, a technique used by the vast majority of websites to fingerprint devices and distinguish humans from bots. What you might not ...

Anatomy of a 6-day Credential Stuffing Attack From 2.2M Residential IPs
In this article, we cover the details of a heavily distributed credential-stuffing attack that targeted a major US financial service company (spoiler: there were some pretty clear signs of device spoofing, as you'll see below). By the end of the bot attack, which lasted 6 days, Castle blocked ...

Product Focus: Overview Page
Our mission at Castle is to equip you with the most effective tool to detect and stop bad actors within your application. In the majority of cases, stopping these bad actors is not a one-time effort, but requires continuous monitoring and adaptation to stay ahead of emerging threats. This ...

In Devices We Trust: Improving CAPTCHA Friction
Are your users annoyed by constantly being hit with CAPTCHAs? Find out how you can improve the user experience while keeping your site secure ...