Preventing account takeover attacks for one of UK’s top retailers
One of UK’s fastest-growing lifestyle brands.
Operates over 500 stores across 5 continents.
Significant web presence.
Netacea Virtual Waiting Room customer for over 3 years.
Looked to Netacea to assist with managing and mitigating automated traffic and attacks.
Client challenge – surge in bot traffic
The customer has managed their intermittent traffic peaks effectively for several years using Netacea’s Virtual Waiting Room product, however a large, unexpected surge in traffic gave the customer cause for concern, prompting them to ask Netacea to investigate.
“We were seeing traffic levels that far exceeded what we’d usually expect during an on-sale event. While we were confident the Netacea Virtual Waiting Room solution would ensure the site continued running under high volumes of traffic, we were concerned about the origin and intent of what else was happening and called on the team to assist us.” – E-Commerce Manager
An initial investigation allowed Netacea to determine there was definitely suspicious activity and advised that the Netacea Bot Management solution be implemented. This solution was implemented within minutes and immediately began to reveal the profile of a very large, distributed bot attack, with the machine learning engine further identifying this as an account takeover and credential stuffing attack.
Instant account takeover attack mitigation
This real-time identification allowed Netacea to quickly apply appropriate mitigations, within just 6 minutes from initial deployment the machine learning-based algorithms had already started blocking attacks from multiple geographical locations and datacentres.
Netacea continued to block the attack for a further two hours until it ceased. In line with typical attack patterns, after a short respite, the attack was recommenced from more disparate locations, however, all attempts in this second attack were unsuccessful, resulting in the bad actors retiring the attack.
“The Netacea team were incredible throughout the attack, and the days that followed. The speed they implemented and started mitigating was phenomenal, and the information that they were able to provide us during the investigation with our hosting partner was invaluable.” – E-Commerce Manager
Netacea’s Adaptive Threat Architecture
Netacea provided the customer with constant analysis of the attack traffic during and after the event to surface as much intelligence as possible. This included the exact geographic locations, datacentres and IP addresses used during the attack. Instantly blocking connection requests from those locations significantly reduced the amount of attack traffic on the website, and soon after this action was complete the attack stopped. A further attack was unsuccessful in impacting the customer website. No further attempts have been seen from this attacker.
Fingerprinting of the attack; both successful and non-successful attempts to log in were analyzed and this data was correlated with the customer’s hosting partner.
By blocking the attack in real-time, the customer was able to prevent a GDPR data-breach disaster and the negative impact on brand and customer faith that also follows when the event is broadcast in national news.
Ensured uptime and availability of customer website during a large-scale account takeover attack.
Rapid implementation of Netacea Bot Management during the attack.
Detection and mitigation of automated account-based attacks.
Continued customer engagement to help detect and prevent further attacks.
Gain visibility into automated traffic
Most organizations lack clear visibility on the extent of bot activity, but this is a critical first step to be able to devise an effective defense strategy. Netacea provides visibility and insight into bot activity and intent on your website.
Audits are client-driven and can focus on either bots in general, or, on key a problem area such as Account abuse, Ad fraud, Price scraping and/or content theft.
Account Takeover Statistics
Schedule Your Demo
Tired of your website being exploited by malicious malware and bots?