Broadcasters Hit By Sharp Rise In Credentials Stuffing Attacks

Broadcasters and video service providers have become ever more attractive targets of credential stuffing attacks for cyber criminals seeking both content and subscribers’ personal details.

The media industry as a whole was subjected to 17 billion credential stuffing attacks over the two years between January 2018 and December 2019, accounting for a fifth of the 88 billion global total, according to a report just out from leading CDN (Content Delivery Network) provider Akamai.

Broadcast TV and video web sites experienced particularly strong rises in attacks, enduring respectively 630% and 208% year-over-year increases between 2018 and 2019. Attacks against video services rose less dramatically but still substantially by 98%, while those against online video platforms actually fell by 5%. The latter, including YouTube and Facebook Live, are less attractive targets because a lot of their content is free anyway and it includes shared material less attractive to pirates.

The Akamai 2020 State of the Internet / Credential Stuffing in the Media Industry report found that this steep rise in attacks against video sites and especially broadcast TV coincided with an explosion of on-demand media content in 2019. “In addition, two major video services launched last year with heavy support from consumer promotions. These types of sites and services are well aligned to the observed goals of the criminals who target them,” according to the report.

Credential stuffing attacks are not to be confused with credential cracking, which applies large scale brute force automated login requests where credentials are guessed. Such attacks are less successful and easier to protect against.

Credential stuffing attacks occur because so many consumers use the same combinations of username and password for accessing multiple services and web sites. This enables cybercriminals to apply credentials stolen from one web site in malicious login attempts against others with a relatively high success rate. Roughly 80% of consumers use the same password for at least two accounts while about 25% do so for virtually all their accounts, so on that basis hackers can expect a high success rate targeting popular services.

This high success rate makes credential stuffing attacks harder to combat, because they do not generate such unusual traffic profiles that can be detected via proactive monitoring. Nonetheless there are defenses that can be employed on the basis of monitoring, although it is not clear how successful they are. For that reason, Akamai recommends both that users be encouraged to apply better “credentials hygiene” by not reusing passwords, while also putting pressure on service providers to employ stronger authentication methods.

The problem is that consumers are resistant to having to use multiple passwords, while video services and web sites are reluctant to enforce say two factor security requiring users to hold a secure token or make use of their smart phones as additional factors because that might provoke churn to rivals that do not impose such barriers.

The value for hackers in media industry accounts lies in the potential access to compromised assets, like premium content, along with personal data such as credit card numbers and bank details. “We’ve observed a trend in which criminals are combining credentials from a media account with access to stolen rewards points from local restaurants and marketing the nefarious offering as ‘date night’ packages,” said Steve Ragan, Akamai security researcher and author of the report. “Once the criminals get a hold of the geographic location information in the compromised accounts, they can match them up to be sold as dinner and a movie.”

The USA was by far the top source of credential stuffing attacks against media companies with 1.1 billion in 2019, an increase of 162% over 2018, while India was the most targeted country that year, enduring 2.4 billion attacks with the USA the second most targeted at 1.4 billion.

Akamai has also reported a surge in such malicious login attempts against European video service providers and broadcasters during the first quarter of 2020. Another recent trend showing up during that quarter was a rise in the number of criminals sharing free access to newspaper accounts, reflecting the growth in paywalls in this sector. In those cases credential stuffing campaigns are conducted against the newspaper web sites to steal the working username and password combinations that are then given away for self-promotions by the cybercriminals.

You might also like...

Microphones: Part 10 - Mid-Side (M-S) Recording And Processing

M-S techniques provide useful sound-field positioning and a convenient way to check mono compatibility. We explain the hard science behind this often misunderstood technique.

Innovating The Interactive Sports Fan Experience - Monumental Sports Network Are Early Adopters

As we continue our dive into the new frontier of Interactive Rights we explore the first steps taken by an early adopter. Monumental Sports Network in Washington are far from implementing a complete portfolio of interactive enhancements to their broadcasts…

Monitoring & Compliance In Broadcast: Monitoring Cloud Infrastructure

If we take cloud infrastructures to their extreme, that is, their physical locality is unknown to us, then monitoring them becomes a whole new ball game, especially as dispersed teams use them for production.

Neutral TV Operating Systems

TV OSs have become pivotal to both smart TVs and streaming services as consumers continue to cut the cord. There is growing interest not just among TV makers but also major streaming and advertising platforms in neutral TV OSs independent…

Sweden’s Accelerating Journey From DTT To OTT

2025 may be a watershed year for the broadcast delivery switchover from DTT (Digital Terrestrial Television) to IP (Internet Protocol). We know that an increasing number of viewers of broadcaster content are turning to their favorite streaming apps to watch the…