Case Study

Global Retailer Credential Stuffing Case Study

By / 30th Oct 2019

 

Global Retailer Credential Stuffing Case Study

Retailer Puts a Stop to Credential Stuffing

Customer Profile:

Global retailer with a significant eCommerce profile and loyalty points scheme.

  • $70bn annual turnover
  • Top 5 global retailer
  • 7000+ stores

“Netacea helped us successfully make the switch from reactive bot management to proactive identification and mitigation. Netacea has taken the pressure off our internal resources and we now feel confident that our customers’ accounts are no longer vulnerable to continual credential stuffing attacks.”

- Security Operations Manager

Retailer Client Challenge

In early 2018, one of the world’s largest retailers identified they were being frequently targeted by credential stuffing attacks.

Threat actors utilised breached usernames and passwords to access customer accounts and make fraudulent purchases to the tune of millions of pounds per month, before selling the validated account details on the Dark Web.

The fraudulent activity not only cost the retailer directly but put the brand’s reputation at risk. Customers were continually locked out of accounts, asked to verify their legitimacy or required to reset their usernames and passwords following an attack, leaving many users feeling frustrated and vulnerable.

Threat actors typically used a combination of volumetric and sophisticated low and slow attacks to carry out the credential stuffing activity. The attackers were able to bypass the protection put in place by the retailer’s existing WAF and DDoS vendor and manual, reactive mitigation measures were required by the business’s Security Operations Centre (SOC) team; putting strain on internal resources.

“We had a team of ten people who were manually blocking I.P addresses and user agents of credential stuffing attacks, that could occur at any time. We had to make the business-critical decision to move to a proactive approach and improve our security” - Security Operations Manager

The retailer needed a specialist bot management vendor that could provide rapid detection and mitigation, using technology that would integrate with existing architecture. This would ensure the business acquired comprehensive visibility of all website, mobile app and API traffic.

The Solution: Netacea

Netacea’s industry-leading bot management solution accurately identified several credential stuffing attacks within 24 hours of implementation. Over the course of the next 30 days, Netacea detected large volumetric credential stuffing attacks and highlighted continued low and slow attacks, that were flying under the existing vendor’s radar.

Protecting The User Experience

The retailer must be able to facilitate more than 100,000 customer logins every hour, via a quick to load login page that presents minimal user friction. Working with Netacea enables the retailer to proactively protect customer accounts across the entire estate, without adding any latency or friction to the customer journey.

Netacea Dashboard - Risk Profile
Netacea Dashboard - Risk Profile

Netacea’s detection technology is integrated directly with the retailer’s SIEM solution to capture visitor data. This enables Netacea to quickly and effectively send recommendations to the login page while ensuring owners of breached accounts are made aware of the need to reset usernames and passwords.

The retailer is now protected from both volumetric and low and slow credential stuffing attacks, freeing up their SOC team to focus on new and emerging threats.

“We estimate Netacea has reduced our customer fraud costs by £1.4m per month”

Results

  • 650,000+ malicious login attempts mitigated per week
  • Customer account fraud costs reduced by £1.4m per month
  • Internal product and security resources freed up to focus on business needs