We’re excited to partner with Kong on #Decentralize2020 - a free full-day event on April 16th! Learn more
Webinar - Beating Bad Bots by Knowing Good Users. April 8, 2020 | 10 AM PT / 1 PM ET Learn more
eBook - 4 Tactics Cyberattackers are Starting to Employ in Account Take Over Attacks Learn more
New Cloudflare Integration - Protecting your company is now simpler with Cloudflare. Learn more
Close
Video

Account Takeover Demo 2 - Attackers Appear Local to Avoid Detection

Heather Howland
VP of Marketing

One way attackers improve the overall success of their account takeover attacks is to use local IP addresses. This enables them to blend into normal traffic and circumvent traditional geo blacklisting defenses. Here, you see a single attacker using 907 IP addresses, from 21 Internet Service Providers, located in two countries. Ultimately, they targeted more than 36,000 users, completing over 660,000 login attempts, which would have resulted in over 1056 valid credentials had Castle not been protecting the site. Luckily, Castle was there, and the attacker was prevented from using those credentials to login and steal sensitive data, transfer money, or disrupt services.