LAST UPDATED December 21, 2023
Bot Attackers Are Getting Harder to Detect
Botnet attacks are happening more frequently than ever. When I say “botnet attacks,” I’m not just talking about flooding a system with DDoS. Cybercriminals are now using botnets to automate attack reconnaissance as well as using them to actively attack a target. The scariest part is that attackers are programming these botnets to be smarter and harder to detect by cycling IPs and using “solver services” — commercialized software that has “solved” static bot defense solutions. This is exactly what happened to one of ThreatX’s Australian-based retail customers on March 21, 2023.
Credential Stuffing Attack Targets Australian Pet Supply Company
On March 21, ThreatX began to detect credential stuffing attempts targeting an Australian-based retail customer’s login page, generating approximately 170 million requests. ThreatX noticed an increase of blocked requests targeting the Australian pet supply company’s customer login portal and proactively reached out to discuss the spike in suspicious activity.
The attackers initially targeted the customer from outside the Asia-Pacific region. However, they realized they were being geo-blocked and switched to using IPs within Australia to continue the attack. This is a perfect example of how modern botnets are adjusting their attack patterns to bypass typical geo-blocking capabilities. The attackers rotated through 7,292 different IP addresses during the attack. If this customer were using a legacy WAF solution that didn’t fingerprint attackers as they rotated IPs or user agents, they would have spent extensive time and resources trying to manually block over 7,000 IP addresses.
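The gap between per-IP blocking and fingerprint-based tracking described above can be shown with a short detection script. This is an added example, not ThreatX's code or detection logic. The `fp` field is an assumed client fingerprint (for instance a hash of request attributes that stay stable when the source IP changes), and the events and thresholds are constructed.

```python
from collections import defaultdict

def per_ip_failures(events, limit):
    """Legacy-style rule: flag any source IP with at least `limit` failed logins."""
    counts = defaultdict(int)
    for e in events:
        if not e["ok"]:
            counts[e["ip"]] += 1
    return {ip for ip, n in counts.items() if n >= limit}

def per_fingerprint_stuffing(events, min_users, min_fail_ratio=0.9):
    """Flag fingerprints that fail logins for many distinct usernames,
    no matter how many source IPs the requests arrive from."""
    users, ips = defaultdict(set), defaultdict(set)
    total, failed = defaultdict(int), defaultdict(int)
    for e in events:
        fp = e["fp"]
        total[fp] += 1
        ips[fp].add(e["ip"])
        if not e["ok"]:
            failed[fp] += 1
            users[fp].add(e["user"])
    return {fp: {"distinct_users": len(users[fp]), "distinct_ips": len(ips[fp])}
            for fp in total
            if len(users[fp]) >= min_users and failed[fp] / total[fp] >= min_fail_ratio}

def sample_events():
    """Constructed sample: a rotating bot, a forgetful user, and an office behind NAT."""
    events = []
    # Bot: 40 attempts, each from a new IP (documentation range) and a new username.
    for i in range(40):
        events.append({"ip": f"203.0.113.{i + 1}", "fp": "fp-bot",
                       "user": f"user{i}", "ok": False})
    # Real user: five wrong passwords for their own account, then a success.
    events += [{"ip": "198.51.100.7", "fp": "fp-alice", "user": "alice", "ok": False}] * 5
    events.append({"ip": "198.51.100.7", "fp": "fp-alice", "user": "alice", "ok": True})
    # Office NAT: ten staff share one IP, each with their own browser, all succeed.
    for i in range(10):
        events.append({"ip": "192.0.2.10", "fp": f"fp-office-{i}",
                       "user": f"staff{i}", "ok": True})
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP rule flags:", per_ip_failures(ev, limit=5))
    print("fingerprint rule flags:", per_fingerprint_stuffing(ev, min_users=10))
```

On this sample the per-IP rule flags only the real user who mistyped a password, while the fingerprint rule flags the bot and reports how many IPs it rotated through.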
Saving Pet Lovers' Data From Advanced Bot Attacks
Though the platform automatically blocked a large portion of the attack, ThreatX’s team of experts worked alongside the customer to tweak the detection criteria and block the rest of the attack traffic. To prevent further attacks, the ThreatX team built specific detection techniques to track risky behaviors in the client’s authentication workflow. In this way, the system could detect and block any suspicious activities that could lead to a credential stuffing attack.
This attack scenario highlights the importance of having both an API and application threat protection platform that can detect and block advanced botnet attacks as well as tight collaboration with cybersecurity experts.
Botnet Attacks Impact Everyone
Botnet attacks are one of the few cyber threats that can impact almost every team and functional group within an organization as well as customers’ experiences. If the business relies on its online presence, like this Australian pet supplier does, then the effects of automated attacks like credential stuffing are likely to be pervasive throughout the organization. Here’s how:
- Bots vs. business teams: protect the company’s bottom line by making sure your apps serve real customers instead of bots
- Bots vs. marketing team: focus on real visitors and clicks to drive better ROI, conversions,
- Bots vs. operations team: improve performance and uptime by unloading the burden of unauthorized automation and bots
- Bots vs. finance & fraud team: stop account fraud and takeover at the source before damage is done
- Bots vs. AppSec team: automate your defense for automated threats
ThreatX is a managed API and application protection platform that lets you secure your APIs and applications with confidence, not complexity. It blocks botnets and advanced attacks in real time, letting enterprises keep attackers at bay without lifting a finger. ThreatX profiles attackers and blocks advanced risks to protect APIs and applications 24/7. ThreatX also offers Protection-as-a-Service, which means you can leave the worrying to our dedicated team of experts who can manage the platform for you, so you don’t have to manage signatures or stress about false positives.
To learn more about ThreatX and its bot defense capabilities, contact the team to schedule a demo or try it out yourself with this Botnet Console Product Tour.