Bot Attacks – One Week in the Life of a Customer

December 20, 2018 | by Franklyn Jones

Bot Attacks customer insights

Each week, we provide our customers with a detailed report on malicious bot attacks targeting their organizations with the intent of gaining unauthorized access to the critical applications that connect their digital ecosystems. Because the Cequence API Spartan solution protects all targeted channels–web and mobile apps, as well as strategically important API services–we’re able to determine what assets are being targeted precisely, what tools the attackers are using, and where they’re activities are originating.

Based on our experience thus far, our customers are “delightfully stunned” at the visibility they now have into the attacks on their organizations. It’s delightful in the sense that they’ve never had this level of visibility before. But it’s stunning in the sense that they also had no idea of the relentless volume of these attacks.

For example, we recently ran a report on web traffic for one of our Fortune 500 customers. Without revealing any confidential information, here are a few interesting data points:

  • Cequence inspected nearly 150 million application requests over seven days
  • Attacks originated from multiple countries, phones, tablets, and browser types
  • Attacks targeted web, mobile, and API channels – especially backend APIs
  • SNIPR was the most commonly used tool by bad guys to plan and launch the attacks
  • The largest geo-distributed attack involved more than 3 million IP addresses worldwide

It was not a great week for this customer because 99%+ of nearly 150 million requests were determined to be malicious. Fortunately, Cequence detected and blocked all of them.

But what if we didn’t? Well, the customer might have over-provisioned its infrastructure to accommodate all this great, high-volume traffic. That would have been costly (and unnecessary). But not as costly as dealing with account takeovers, financial fraud, damaged reputation, and general business disruption.

Bot attacks now account for nearly 1/3 of all Internet traffic. That’s huge. But in the case of this customer, it was more than 99%! Fortunately, they had the visibility and control necessary to stop these attacks before they achieved their objectives. But what about your organization? Do you know what’s on your network? Contact us, and we’ll give you the answer.

Franklyn Jones

Author

Franklyn Jones

Additional Resources