Netacea Prevents Account Takeover Attacks for One of UK’s Top Retailers

The Challenge

The customer has managed their intermittent traffic peaks effectively for several years using Netacea’s Virtual Waiting Room product, however a large, unexpected surge in traffic gave the customer cause for concern, prompting them to ask Netacea to investigate.

“We were seeing traffic levels that far exceeded what we’d usually expect during an on-sale event. While we were confident the Netacea Virtual Waiting Room solution would ensure the site continued running under high volumes of traffic, we were concerned about the origin and intent of what else was happening and called on the team to assist us.” – E-Commerce Manager

An initial investigation allowed Netacea to determine there was definitely suspicious activity and advised that the Netacea Bot Management solution be implemented. This solution was implemented within minutes and immediately began to reveal the profile of a very large, distributed bot attack, with the machine learning engine further identifying this as an account takeover and credential stuffing attack.

The Solution

This real-time identification allowed Netacea to quickly apply appropriate mitigations, within just 6 minutes from initial deployment the machine learning-based algorithms had already started blocking attacks from multiple geographical locations and datacentres.

Netacea continued to block the attack for a further two hours until it ceased. In line with typical attack patterns, after a short respite, the attack was recommenced from more disparate locations, however, all attempts in this second attack were unsuccessful, resulting in the bad actors retiring the attack.

“The Netacea team were incredible throughout the attack, and the days that followed. The speed they implemented and started mitigating was phenomenal, and the information that they were able to provide us during the investigation with our hosting partner was invaluable.” – E-Commerce Manager

The Outcome

Netacea provided the customer with constant analysis of the attack traffic during and after the event to surface as much intelligence as possible. This included the exact geographic locations, datacentres and IP addresses used during the attack. Instantly blocking connection requests from those locations significantly reduced the amount of attack traffic on the website, and soon after this action was complete the attack stopped. A further attack was unsuccessful in impacting the customer website. No further attempts have been seen from this attacker.

Fingerprinting of the attack; both successful and non-successful attempts to log in were analyzed and this data was correlated with the customer’s hosting partner.

By blocking the attack in real-time, the customer was able to prevent a GDPR data-breach disaster and the negative impact on brand and customer faith that also follows when the event is broadcast in national news.