How VNIS's Account Takeover Prevention feature work?
The Account Takeover Prevention (ATP) function that has just been integrated into VNIS has the role of reviewing and handling suspicious access through stolen accounts, helping to increase the ability to prevent online fraud attacks on users at every unit's server system.
When using WAF on the VNIS platform, customers can create their own ATP rules according to different options that are essential to their needs or combine all status codes, body, and headers for their website or application system to detect errors, account hijacking attack methods and quickly apply prevention measures.
ATP feature configuration table for VNETWORK customers
A specific example of how the ATP rule works:
If the maximum number of login attempts the customer sets is 3 requests/minute, the maximum number of login attempts with incorrect information is also 3 attempts/minute and the status code returned for incorrect login attempts is 401. When the system ATP finds that the number of logins per minute is exactly equal to the maximum number of logins the customer initially set, the system will perform a block action or temporarily lock the ability to log in for a pre-specified time depending on the configuration customers want.
-
With status code: Suppose a user logs into the system with incorrect information, the ATP system will return 401 Status Code. If that user still continuously sends incorrect information and when the ATP system returns code 401 3 times, preventive action will be taken according to the customer's configuration.
-
With body: Suppose the request from the system returns with the username or wrong password reason and if the body information is returned more than 3 times with the above content, action will be taken according to the installed configuration.
-
With header: Assuming the user logs in incorrectly, the system returns 1 Header x-login: Failed, if that user still continuously sends incorrect information and the ATP system returns more than 3 times Header x-login: Failed, the command will be executed according to the previously specified configuration.
There are 2 main types of actions when the ATP system notices that the number of logins has equaled with the limit set by the customer: Block and Rate limit
-
When the customer chooses a block method: The ATP system will block that IP with status 403 for a fixed time.
-
When the customer chooses a limit method: The ATP system will block that IP with the status "too many requests" for the period time that the customer set.
Why did VNETWORK decide to include the ATP feature in the VNIS defense system?
According to NCS statistics, in the first 6 months of 2023, there were 5,100 cyber attacks on systems in Vietnam and nearly 400 websites of agencies and organizations with domain names .gov.vn and .edu.vn were affected. Hacking, inserting advertising code for gambling, betting and a series of online frauds continuously occur. Intentional APT attacks on key facilities increased by about 9% over the same period in 2022. As a result, losses in some cases reached billions of dong, while the form of attacks in phishing scams are increasingly sophisticated and unpredictable.
Account takeover is an extremely serious problem for businesses with complex IT infrastructures. With just one stolen account, hackers can conduct phishing attacks on a business's system, destroying business operations and brand reputation. Therefore, VNIS's new ATP feature helps detect and prevent online fraud attacks immediately, ensuring reputation as well as active business activities of the enterprise.
The ATP feature has just been updated by VNETWORK using advanced technology, including machine learning and behavioral analysis. Combined with the experience of detecting and preventing online fraud attacks from leading experts in the field of network security, it helps manage, control, and detect online fraud attacks such as account hijacking, fake accounts, fake transactions,...
In the future, there will be many new forms of attacks applied by hackers for their purposes, but the leading cybersecurity experts at VNETWORK will continue to research and develop, constantly updating security features. New security with the goal of early detection and prevention of sophisticated attacks, providing comprehensive security for customers.
Experience the effectiveness of the Account Takeover Prevention (ATP) feature on the VNIS platform today with the 7-day trial PoC program from VNETWORK. During the PoC process, you have full control over configuration and will receive a full report to make appropriate assessments and decisions. Contact now for advice and support at Hotline: (028) 7306 8789 or email to: contact@vnetwork.vn.