The US Government serves over 100 million households and processes over $2T in payment and benefits. Cyber criminals view government agencies as prime targets for large-scale automated attacks. Using credentials stolen from other websites, attackers use automation to test out large numbers of usernames and passwords with the aim of taking over citizen accounts and stealing valuable information and assets.
Cyber criminals using automated techniques and stolen credentials were able to take over half of the accounts they targeted at one US government agency.
The government agency under attack needed a new approach to fight fraud and deployed the Shape Solution. Using Shape, the government agency stopped the account account takeover attacks within 2 days of deploying Shape counter measures and going into full blocking mode thereby preventing hundreds of millions in cyber-fraud.
The US Government Agency evaluated anti-automation options and chose Shape Security for the company’s ability to effectively and transparently stop unwanted automation at the agency’s operational scale. The agency must meet citizen demands for technology that is backward compatible with legacy web applications and also comply with regulations related to accessibility. Shape’s implementation team has deep skills in browser technologies and was able to work closely with the agency’s security team to test and verify backward compatibility.
Reconfigured application delivery controllers to route hardened pages through the ShapeShifter and validate traffic flows.
Began telemetry by Shape Security-as-a-Service and activated supervised and unsupervised learning by Shape Threat Intelligence team. Developed Shape countermeasures based on gathered data.
Activated Shape countermeasures in a non-blocking mode to verify countermeasure efficacy and browser compatibility.
Put Shape service into production and began blocking unwanted automation.
Attackers acquired spilled credentials from the open web (criminal marketplaces and password dump sites).
Attackers tested stolen passwords and personal information combined
with intelligent algorithms
to guess answers to authentication questions.
accounts when the
credentials were valid.
Attackers then redirected payments and benefits.
This critical government agency was able to dramatically lower account takeover and associated fraud through the deployment of Shape. Working with the agency’s web application and network technologists, Shape was able to successfully integrate Shape into the the agency’s web application platform while meeting all compatibility and accessibility requirements. The agency continues to benefit on an ongoing basis from Shape threat intelligence, 24/7 monitoring, counter measure updates and threat research enabling the agency to stay ahead of cyber-criminals.