"It was like looking for needles in a haystack. But we found them!”

That’s what a Cequence Security customer said after monitoring nearly one billion application transactions in less than 24 hours. They knew most were good, but many were bad.

Here's Their Story

The organization that experienced this significant, unexpected spike in web traffic is a Fortune 500 online retailer. Like most Cequence Security customers, they are a hyper-connected organization that relies on web, mobile, and API applications to connect their customers, partners, and suppliers.

Unfortunately, like most hyper-connected organizations, they are often targeted by high-volume, automated bot attacks, orchestrated by bad actors trying to avoid detection while attempting to commit fraudulent activity.

During a recent 24-hour period over a holiday weekend, this customer noticed a significant spike in traffic. Part of it was expected, due to special holiday promotions. But, because their security team was using CQ botDefense, powered by the CQAI analytics engine, they were able to detect suspicious “needles” in an otherwise normal haystack of activity. The Cequence solution employs a patented, multi-dimensional detection process, so it was able to provide total visibility into all malicious bot traffic – even where the customer least expected it.

Here are three examples of the bot attack strategies – or needles, in this analogy – that the bad actors used in a failed attempt to gain unauthorized access to valid customer accounts:

  • Needle #1 – An attempt to take over user accounts by abusing an obscure web API that is accessible via many different areas of the web site, including credit card application pages, shopping carts, order status pages, and other locations frequently visited by valid customers. These pages are not often associated with Account Takeover attacks, which is why they can be an attractive target for advanced attacks.
  • Needle #2 – Rather than limiting their targets to various login pages, this attack also used bots to abuse the customer’s mobile app login endpoint in order to attempt to take over accounts, then exploit an obscure financial services open-source API to commit fraud and transfer money from victims.
  • Needle #3 – Another component of this sophisticated attack included bots focused on creating fake accounts, then scraping content and intellectual property from the customer’s web site that could be leveraged for financial gain by potential competitors.

One of the dangers of these types of unusual bot attacks is that, without complete visibility, you obviously don’t know what you don’t know – and that’s not good. But in the end, Cequence Security was able to detect and block these sophisticated attacks before the bad actors could achieve their objectives.

If you’re a hyper-connected organization, and suspicious about the spikes in traffic you may be seeing on your network, you may be the target of an automated bot attack like this. To better understand how our ASP and CQ botDefense can protect you, we invite you to request a briefing of the Cequence Security solution.
