Case Study: Healthcare Industry

Overview

Website Taken Down by Application Layer Distributed Denial-of-Service

A major insurer with over 20 million members relies on its website to deliver information on providers, benefits, and plans. Because the services offered by the insurer are complex and highly personalized, search is a popular and essential website component.

Recently, an attacker flooded the search function with queries for multiple days. The resulting application layer distributed denial-of-service (app layer DDoS) caused the search function to fail and prevented members from using it. Other sections of the website also failed since web server resources are shared across website elements.

Cybercriminals often use DDoS attacks to extort targets or to mask other concurrent attacks. In this case, the attacker did not contact the company. However, Shape researchers observed low-level automated scraping activities occurring at the same time as the DDoS attack, indicating the DDoS attack may have been a diversionary tactic.

Key Points

Automated Fraud Attack Graph
