ThreatX Blocks Millions of Credential Stuffing Attempts Targeting Pet Supply Company

PUBLISHED ON May 31, 2023
LAST UPDATED December 21, 2023

Bot Attackers Are Getting Harder to Detect 

Botnet attacks are happening more frequently than ever. When I say “botnet attacks,” I’m not just talking about flooding a system with DDoS traffic. Cybercriminals are now using botnets to automate attack reconnaissance as well as to actively attack a target. The scariest part is that attackers are programming these botnets to be smarter and harder to detect by cycling IPs and using “solver services,” commercialized software that has “solved” static bot defense solutions. This is exactly what happened to one of ThreatX’s Australian-based retail customers on March 21, 2023.

Credential Stuffing Attack Targets Australian Pet Supply Company 

On March 21, ThreatX began to detect credential stuffing attempts targeting an Australian-based retail customer’s login page; the attack generated approximately 170 million requests. ThreatX noticed an increase in blocked requests targeting the Australian pet supply company’s customer login portal and proactively reached out to discuss the spike in suspicious activity.

The attackers initially targeted the customer from outside the Asia-Pacific region. However, they realized they were being geo-blocked and switched to using IPs within Australia to continue the attack. This is a perfect example of how modern botnets are adjusting their attack patterns to bypass typical geo-blocking capabilities. The attackers rotated through 7,292 different IP addresses during the attack. If this customer were using a legacy WAF solution that didn’t fingerprint attackers as they rotated IPs or user agents, they would have spent extensive time and resources trying to manually block over 7,000 IP addresses.  
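
To illustrate why per-IP thresholds miss an attack spread across thousands of rotating addresses, the following added example (not ThreatX's detection logic and not code from the original post) compares a per-IP failure counter with grouping by a client fingerprint over constructed login events. The `tls_fp` and `hdr_order` fields, the thresholds, and all sample values are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed events: (src_ip, user_agent, tls_fp, hdr_order, username, ok)."""
    events = []
    # Bot: every attempt uses a new IP and a rotated user agent, but the
    # same underlying client stack (tls_fp + header order stay constant).
    for i in range(40):
        events.append((f"203.0.113.{i}", f"Mozilla/5.0 (rotated-{i % 5})", "fp-bot",
                       "host,accept,ua,cookie", f"victim{i}@example.com", i == 17))
    # Legitimate users: same popular browser, one mistyped password each.
    for i in range(5):
        base = (f"198.51.100.{i}", "Mozilla/5.0 (browser)", "fp-browser",
                "host,ua,accept,cookie", f"user{i}@example.com")
        events += [base + (False,), base + (True,)]
    return events

def per_ip_offenders(events, max_failures=5):
    """Legacy approach: flag source IPs with more than max_failures failures."""
    fails = defaultdict(int)
    for ip, _ua, _fp, _hdr, _user, ok in events:
        fails[ip] += 0 if ok else 1
    return {ip for ip, n in fails.items() if n > max_failures}

def fingerprint_offenders(events, min_users=20, min_ips=10, min_fail_ratio=0.9):
    """Flag client fingerprints that try many accounts from many IPs and mostly fail.

    The IP and user agent are deliberately left out of the grouping key because
    the attacker controls and rotates both. Returns {fingerprint: distinct_ip_count}.
    """
    stats = defaultdict(lambda: {"users": set(), "ips": set(), "fail": 0, "total": 0})
    for ip, _ua, fp, hdr, user, ok in events:
        s = stats[(fp, hdr)]
        s["users"].add(user)
        s["ips"].add(ip)
        s["total"] += 1
        s["fail"] += 0 if ok else 1
    return {key: len(s["ips"]) for key, s in stats.items()
            if len(s["users"]) >= min_users and len(s["ips"]) >= min_ips
            and s["fail"] / s["total"] >= min_fail_ratio}

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP rule flags:", per_ip_offenders(sample))
    print("fingerprint rule flags:", fingerprint_offenders(sample))
```

The legitimate users share one browser fingerprint on purpose: the fingerprint alone is not the signal, the combination of account spread, IP spread and failure ratio is.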

Saving Pet Lovers’ Data From Advanced Bot Attacks

Though the platform automatically blocked a large portion of the attack, ThreatX’s team of experts worked alongside the customer to tweak the detection criteria and block the rest of the attack traffic. To prevent further attacks, the ThreatX team built specific detection techniques to track risky behaviors in the client’s authentication workflow. In this way, the system could detect and block any suspicious activities that could lead to a credential stuffing attack.  

This attack scenario highlights the importance of having both an API and application threat protection platform that can detect and block advanced botnet attacks as well as tight collaboration with cybersecurity experts. 

Botnet Attacks Impact Everyone 

Botnet attacks are one of the few cyber threats that can impact almost every team and functional group within an organization as well as customers’ experiences. If the business relies on its online presence, like this Australian pet supplier does, then the effects of automated attacks like credential stuffing are likely to be pervasive throughout the organization. Here’s how: 

ThreatX is a managed API and application protection platform that lets you secure your APIs and applications with confidence, not complexity. It blocks botnets and advanced attacks in real time, letting enterprises keep attackers at bay without lifting a finger. ThreatX profiles attackers and blocks advanced risks to protect APIs and applications 24/7. ThreatX also offers Protection-as-a-Service, which means you can leave the worrying to our dedicated team of experts, who can manage the platform for you so you don’t have to manage signatures or stress about false positives.

To learn more about ThreatX and its bot defense capabilities, contact the team to schedule a demo or try it out yourself with this Botnet Console Product Tour.

About the Author

Sydney Coffaro

Experienced subject-matter expert focused on cybersecurity automation, incident response, APIs, and application security with a demonstrated history of working in fast-paced early-stage startups. Sydney is a certified product manager and Scrum Master, and has led technical sales initiatives for go-to-customer teams that resulted in the acquisition of hundreds of customers.