Where Attacks Originate: Automation

Automated attacks are costing businesses billions of dollars

Today, most website visitors aren’t human. They’re bots.

While some bots are benign, like chatbots and search engines, most are bad bots used by malicious attackers to gain unauthorized access, take over customer accounts, and even commit fraud while eroding the customer experience. And they’re constantly retooling to mimic user behavior and bypass common countermeasures like CAPTCHA. Here are some of the most relevant automated attack trends, and how you can fight back against them.

View the infographic

Breaking Down Bots

Back to: Stop Fraud Without Friction

Credential Stuffing: Bad Actors Compromise Real Customers

Ninety percent or more of an enterprise's online and mobile traffic can be from cybercriminals performing automated attacks with the intent to steal customer data and commit fraud.

98.5% of requests to a customer loyalty program were attacks.

These attacks, known as credential stuffing, can lead to account takeover and serious fraud losses, while also negatively impacting application performance and skewing analytics. And if that wasn’t enough, attackers also aim to jeopardize your customers’ trust by siphoning money and points from loyalty programs.

Watch the video
Credential Stuffing Attacks 101

Shape solutions, part of F5, have a multi-leveled approach to defeat credential stuffing – protecting over 4 billion transactions per week.

For every connection to a site or application, Shape creates and assigns a Device ID – a unique identifier to each device visiting your site created in real-time utilizing advanced signal collection and machine learning algorithms. Utilizing this unique identifier as well as other signals, Shape solutions can identify and stop attempts to use compromised credentials in real-time, blocking bots that emulate human behavior and fraudsters who manually hack applications to bypass anti-automation defenses.

Shape Enterprise Defense: Solution Overview

Shape, part of F5, protects over 4 billion transactions per week from sophisticated attacks on behalf of the world’s largest companies.

CAPTCHA and Other Cybersecurity Myths That Are Hurting Your Business

Are your sites using CAPTCHA to mitigate automated attacks? If so, it’s probably not working, and it could be causing unintended consequences such as customer abandonment due to excessive friction. And with an increase in third-party CAPTCHA solving services, both automated and human powered, it has become increasingly simple to bypass CAPTCHA. Your web and mobile applications need better protection.

The last thing you want to do is base real business decisions and security outcomes on a myth, even if it does sound convincing.

Cybersecurity Myths That Are Harming Your Business

Back to: Defend Your E-Commerce Business | F5 Networks

Watch the video
VP of Shape Intelligence Center Dan Woods Demonstrates How to Defeat CAPTCHA

Retailer Fixes Fraud Without Increasing Friction

Known for their luxury product offering and friction-free online experience, a North American retail chain prided themselves on providing a great customer experience. But the company was ravaged by automated attackers taking advantage of their streamlined system. 

After trying and failing to combat attackers with traditional countermeasures (CAPTCHA, blocking IP addresses, etc.), the retailer turned to Shape solutions. After three weeks of observation, they went live with mitigation, and the results were immediate.

From day one, when Shape went into blocking mode, we saw a nearly 100% drop in fraud from automation.

CIO of North American retailer

While customers are loyal, fraudsters are not; once we stopped them, they went away.

CIO of North American retailer

An Adaptive Security Approach

In the following 30-day period, the retailer saved over $500,000 in fraud that would have been lost due to account takeover and gift card cracking. The attackers attempted to retool around Shape’s defenses, but because Shape tracks hundreds of network, device, and environment signals, the attackers were easily found and blocked again.

With automated attackers repelled by Shape, the origin servers saw only the human visitors—a mere 1% of the previous load. By reducing 99% of traffic, Shape lifted “a huge burden off our infrastructure, which had a direct positive impact on revenue.”

Retailer Solves Shoe-Bot Spikes, Fixes Fraud, Friction and Fake

This retailer was successful not only because of the initial mitigation measures, but because of the solution’s ability to adapt to changing attacker tactics. Bad actors will find a way around static security countermeasures if the target is sufficiently attractive. In fact, attackers now leverage trained artificial intelligence (AI) models to bypass security. Organizations, especially those that guard highly sensitive customer information, need to continue to hold business and technology partners accountable for ensuring the security and integrity of the application even after launch.

Fake Reservation Story: The Power of Signals & Sharing Data to Stop Application Attack

Back to: Defend Your E-Commerce Business | F5 Networks

1 The Attractive ROI of Online Fraud

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.

2 Where Attacks Originate: Automation

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.

3 Future Outlook: Preparing for Adaptive Attackers

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.

4 Successful Online Fraud Prevention in Action

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.