Digital Security:
Detecting & Stopping Attacks

Hundreds of thousands of dollars evaporated, fradulent transactions, fake accounts, and a vulnerable app. Arrow Digital was tasked with identifying, analyzing, and patching an hole in our client’s system that was being actively exploited. Our team of engineers worked around the clock and was able to stop the attack in less than 24 hours.

The challenge

Arrow was approached by our client, who for security reasons will remain undisclosed, in order to put out a fire. Their application was being exploited by malicious actors who were draining hundreds of thousands of dollars from their multinational e-commerce platform. They had no idea how the attack was being executed, they had simply noticied the discrepancies in between their platform invoices and their financial statements.

Our Solution

With this urgent request Arrow set to run a penetration test on our client’s platform. In less than 1 hour we were able to reproduce the bug. In 2 hours we had devised a plan to stop it via a multi pronged verification system that would actively prevent, alert, and mitigate fraud attempts. After less than 24 hours the vulnerability was fixed, their payment system was secured against any other vectors, and our client now had all the required data to pursue legal action.

Our Technology

1.

We implemented an efficient proprietary fraud detection algorithm into our client’s payment servers, this service actively flagged fradulent transactions, preventing any attack vectors.

2.

Arrow likewise patched two key security vulnerabilities in our client’s application and API. First being an insecure direct object reference, and the second a client side security credential leak.

3.

Going above and beyond we delivered a full penetration test report to our client, showcasing several other vulnerabilities in their mobile applications and in their web application.

4.

Lastly we executed a complete analysis of our client’s financial data and e-commerce platform data, uncovering patterns in the accounts that were used to exploit our client’s platform over the past 2 years. This data analysis proved to be crucial to our client’s legal team in their efforts to pursue legal action.

Key Results

With Arrow’s anti-fraud algorithm installed, any potential transaction fraud gets detected and stopped before the final transaction takes place

Our team of engineers provided a complete penetration test report showcasing all other existing vulnerabilities in the client’s platform

In less than 24 hours the vulnerabilities in the e-commerce application and the back end API were uncovered and fixed

Our client’s legal team was provided with a detailed financial data analysis showcasing all fradulent transactions over the past 2 years

Arrow Digital’s Differential

  • Expediency in designing and implement urgent fixes
  • Proficiency in debugging live applications and exposing vulnerabilities
  • Dilligency in executing a complete penetration test in front end clients and back end servers
  • Experience cross referencing multiple data sources and delivering a detailed data analysis report

Understanding the importance of stopping this exploit, our team worked around the clock over the weekend to analyze and secure the platform, it is thanks to this dedication that we were able to deploy the required fixes in less than 24 hours

Caio Mikozewski, CTO Arrow Digital

© Arrow Digital - 2023 - All rights reserved

+1 (646) 631-5868

[email protected]

Let’s Talk
Facebook Linkedin Whatsapp

Let's talk

WhatsApp