The Threat of Automated Cyberattacks

The costs to organizations from automated attacks and unwanted traffic are growing rapidly, fueled by the dramatic increase in data breaches and stolen account credentials. 

Why Existing Solutions Don't Work

CAPTCHAS

CAPTCHAS can  now be defeated by OCR more than 85% of the time and introduce significant user friction and subsequent revenue reduction.

SIMPLE MITIGATION

IP blocking and rate limiting are easily fooled by most tools
and techniques, either by rotating IPs, attacking via “low and slow” methods, and using “trusted” cloud sources.

WAFs

Automated attacks use syntactically correct actions for which WAFs were not designed to detect. Thus WAFs provide no detection ability.

IDS/IPS

IDS / IPS scan a variety of protocols and must make extremely fast detection decisions and  inevitably missing sophisticated malicious automation attacks.

Why Existing Solutions Don't Work

CAPTCHAS

CAPTCHAS can  now be defeated by OCR more than 85% of the time and introduce significant user friction and subsequent revenue reduction.

SIMPLE MITIGATION

IP blocking and rate limiting are easily fooled by most tools
and techniques, either by rotating IPs, attacking via “low and slow” methods, and using “trusted” cloud sources.

WAFs

Automated attacks use syntactically correct actions for which WAFs were not designed to detect. Thus WAFs provide no detection ability.

IDS/IPS

IDS / IPS scan a variety of protocols and must make extremely fast detection decisions and  inevitably missing sophisticated malicious automation attacks.

Credential Exploitation and Account Takeover

How big is the problem?

  • According to a 2015 NuData report, incidents of account takeover jumped 112% in Q1 2015 year-over-year.
  • According to the Federal Reserve in 2013 and LexisNexis in 2014, the cost of account takeover attacks was over $4.7 Billion in 2013
  • ATO attacks affected >2% of global consumers, and rising rapidly with an increased volume of attacks.
Read the Solution Brief

Content Scraping and Aggregation

Content scraping attacks use automation to build large-scale datasets of catalog, inventory, and pricing information about retail, airline, and hotel sites that they then resell or use to commit various types of fraud.

While often not malicious, data aggregators can pose serious problems for busy websites by forcing operations teams to overprovision the supporting infrastructure, often at substantial cost.

Read Solution Brief

Application DDoS

A relatively new type of attack, cyber criminals send a high volume of application layer requests designed to slow down or make a website totally unusable.  The criminal underground has already begun publishing automation tools for application DDoS attacks making increases in frequency and severity of future attacks highly probable

Automated Attack Toolkits

Off-the-shelf attack toolkits are widely available in the criminal underground. These attack toolkits can be customized and configured to attack almost any site, allowing an attacker with negligible experience to unleash a sophisticated automated attack. Velocity Manager is able to detect and mitigate attacks from popular attack toolkits such as:

  • Sentry MBA
  • Hitman
  • Hydra
  • Medusa
  • Phantom JS
  • CURL & WGET