Menu
Many organizations and individual businesses are facing an existential crisis amid the widespread lockdowns associated with the COVID-19 pandemic. Certain types of businesses felt the impact of COVID-19 more than others. And one of the companies hardest hit was our customer, the Integrated Logistics Service Provider, one of the world’s foremost leaders in the integrated logistics service and the supply chain service ecosystem and a member of the FORTUNE Global 500 list.
Prior to the worldwide pandemic, this Integrated Logistics Service Provider led in areas such as shipping, shipbuilding and ship financing, ship repair, and similar logistics, particularly in Asia. As the pandemic spread throughout Asia and the rest of the world, it led to lockdowns and border closures that restricted the movement of goods. Additional protocols, such as lockdowns and social distancing at factories and warehouses, ensured the safety of workers but contributed to factory closures and bottlenecks for freight.
However, although Asia was the first continent hit by the pandemic, it was also the first to recover. This allowed China to resume exports while the rest of the world continued to confront uncertainties and risks. As a result, nearly all of the containers that had been held in Asian ports were deployed to destinations in Europe and North America; however, these shipments were not sufficient to overcome the delivery delays and supply chain disruptions, so those containers did not come back quickly enough.
This kind of domino effect has led to global shortage of empty containers, the freight fees have been surging continuously. For example, the unit price of a container shipped from China to the west coast of the United States rose from $2,000 to $20,000 in just a few months, creating challenges for our customer.
As the world-leading integrated logistics service provider, our customer has always taken cloud security seriously, and has used CDNetworks as its trusted service provider for years. Before the global shortage of empty containers, our customer used CDNetworks’ Application Shield to strengthen its web application firewall (WAF) protection. This time, our customer needed a bot management solution that could protect its booking platform from scalping, to avoid the risk of broken stowage and the revenue loss.
Our customer had been vulnerable to scalper bots that conducted rapid-fire, automated purchases of large numbers of ticket items at extremely low prices before the customer could post the actual prices on its booking platform. The hacked purchase price was often as low as 1/10 of the actual cost, which prevented valid users from getting a fair chance to book the containers. Using scalper bots also allowed fraudsters to check out their bought items in no time, hoard the items in bulk, and then resell the items at a premium, causing significant loss to our customer.
The key to combatting false container bookings is the ability to accurately identify and block malicious bot traffic without adversely impacting business. To that end, data analysis becomes critical for identifying bot traffic. The first thing that CDNetworks’ security experts did was to take a close look at the customer’s booking platform, and then determine the vulnerabilities that permitted false container bookings. Their investigations revealed three causes.
Cause 1: Mass Account Logins
Malicious Bot Behavior: brute force and account takeover, fraudulent registrations, bulk login.
Cause 2: Monitoring Shipping Container Information
Malicious Bot Behavior: high frequency and single-targeted URL access, unusual traversal, which caused a huge drain on website bandwidth, server expenses and data security maintenance costs.
Cause 3: Malicious Bookings
Malicious Bot Behavior: automatic bookings by script.
After ascertaining these three causes, our security experts used CDNetworks’ Bot Shield solution to handle the malicious bot traffic. Initially, the experts filtered bad traffic based on CDNetworks’ Threat Intelligence Library. Covering more than 100 types of intelligence, CDNetworks’ Bot Shield monitored visiting traffic on the customer’s booking platform in real time, and then identified and blocked bots that met predefined intelligence characteristics.
To save costs and resources, CDNetworks’ Bot Shield also leveraged real-time correlation to identify and block abnormal behaviors such as high-frequency access requests, single-targeted URL access requests, and unusual website traversals. In this way, Bot Shield helped the customer detect bots and then allow or deny them based on different criteria including abnormal behavior, suspicious IP addresses, user agents, cookie features, JavaScript features, and other questionable characteristics. At this stage, CDNetworks’ Bot Shield implemented unique client-side fingerprinting for each access device in an attempt to discover more advanced bots. After addressing causes 1 and 2, malicious traffic on our customer’s booking platform, such as brute force visits, fraudulent registrations, and malicious vulnerability scanning and traversal queries, decreased significantly.
To address cause 3, CDNetworks combined our leading Threat Intelligence Library with client-side fingerprinting and other leading technologies to develop algorithms based on Artificial Intelligence (AI) to monitor the workflow of key requests directed at the customer’s websites in order to build a dynamically updated workflow analysis model. With this model in place, client-side access is blocked from requests that do not conform to the normal access baseline of the workflow predicted by the AI model.
For our customer, the algorithm blocked over 2 million bot attacks successfully every day. It is important to note that combatting malicious bot attacks is a continuous process. As hackers intensify their fight, the CDNetworks AI algorithm studies the latest analytical models of bot attacks and continues to build a comprehensive security umbrella to safeguard the customer’s sensitive and critical information from bad actors. CDNetworks paid particular attention to attacks directed at our customer’s business operations, where anomaly-based detection was used to customize and adjust protection policies in daily monitoring based on advanced analytics.
The last ingredient figuring into the mix was our security experts’ advice to use Bot Shield to conduct bot identification, management, blocking, and continuous protection in a closed-loop environment to help the customer develop its business in a more stable way.
