NYC Government Financial Agency

NYC Government Agency Stops Multi-Week Attack and Secures Critical Financial Services with Cloudflare Application Security

The NYC Government Agency serves a community of over 300,000, including active employees at NYC government agencies.

A multi-week credential-stuffing attack

The NYC Government Agency was targeted by a multi-week password-guessing attack by an attacker with scraped user IDs for the organization’s remote employees. While the attack was ultimately unsuccessful at breaching accounts, the sheer volume of malicious traffic was overwhelming the agency’s security team and firewall infrastructure.

“Several other CISOs recommended Cloudflare to me,” commented the CISO for the NYC Government Agency. “We called Cloudflare because our security team was up every night for a couple of weeks looking at the activity,” they recalled. “The best mitigation we had was blocking IP addresses at our existing firewall.” However, this approach was unsustainable due to the high volume of traffic the firewall needed to process, and it ran the risk of blocking legitimate IP addresses if attackers were using public cloud infrastructure to host their attacks.

Blocking attack traffic from reaching the network

“Cloudflare was very easy to get up and running,” praised the CISO, “and with so many customers globally, it has a good gauge on active threats.” A successful credential stuffing attack posed a serious threat to this NYC Government Agency, which protects sensitive information, such as personal information.

Within a few hours, Cloudflare was deployed in front of the agency’s systems, and the attack traffic dropped immediately. The deployment freed the security team from the unsustainable, manual work of blocking IP addresses. “After implementing the two Cloudflare controls that throttled the attack traffic, our situation improved significantly. Attack volume dropped by over 90% immediately, and thanks to Cloudflare, we are now able to block approximately 500 Million malicious requests per month from reaching our origin,” they explained.

Since then, the organization has experienced a dramatic reduction in attack traffic. It’s estimated that over 76% of attacks are now blocked, including malicious traffic originating outside the U.S. Blocking IPs and traffic from outside the U.S. alone already accounted for 53% of the total attack.

While the organization initially deployed Cloudflare WAF to manage a credential stuffing attack, it’s now taking advantage of other solutions to protect against other pressing threats. “Before, we would have to layer multiple security tools and controls to achieve the same level of security that Cloudflare offers in one package and a single dashboard,” the CISO explained. With Cloudflare's application-layer DDoS protection, the organization has been able to stop attackers from overloading its servers with bad requests.

Enhanced visibility improves security and reliability

Cloudflare helped mitigate a multi-week attack and continues to block attack traffic from reaching the agency’s environment. The visibility that it

    Key Results
    • Attack Volume Blocked: Blocked approximately 500 Million attack requests per month.
    • Rapid Defense: Deployed and actively mitigating the ongoing attack in under 2 hours.
    • Total Coverage: Over 76% of all malicious attacks are now blocked at the edge.
    • Team Relief: Reduced manual incident response time by 50% per week.
    • Service Reliability: Maintained 100% availability for the platform after deployment.

    We called Cloudflare because our security team was up every night for a couple of weeks looking at the activity. Cloudflare deployment freed us from that unsustainable, manual work.

    CISO
    NYC Government Agency
