Broadcasters Hit By Sharp Rise In Credentials Stuffing Attacks

Broadcasters and video service providers have become ever more attractive targets of credential stuffing attacks for cyber criminals seeking both content and subscribers’ personal details.

The media industry as a whole was subjected to 17 billion credential stuffing attacks over the two years between January 2018 and December 2019, accounting for a fifth of the 88 billion global total, according to a report just out from leading CDN (Content Delivery Network) provider Akamai.

Broadcast TV and video web sites experienced particularly strong rises in attacks, enduring respectively 630% and 208% year-over-year increases between 2018 and 2019. Attacks against video services rose less dramatically but still substantially by 98%, while those against online video platforms actually fell by 5%. The latter, including YouTube and Facebook Live, are less attractive targets because a lot of their content is free anyway and it includes shared material less attractive to pirates.

The Akamai 2020 State of the Internet / Credential Stuffing in the Media Industry report found that this steep rise in attacks against video sites and especially broadcast TV coincided with an explosion of on-demand media content in 2019. “In addition, two major video services launched last year with heavy support from consumer promotions. These types of sites and services are well aligned to the observed goals of the criminals who target them,” according to the report.

Credential stuffing attacks are not to be confused with credential cracking, which applies large scale brute force automated login requests where credentials are guessed. Such attacks are less successful and easier to protect against.

Credential stuffing attacks occur because so many consumers use the same combinations of username and password for accessing multiple services and web sites. This enables cybercriminals to apply credentials stolen from one web site in malicious login attempts against others with a relatively high success rate. Roughly 80% of consumers use the same password for at least two accounts while about 25% do so for virtually all their accounts, so on that basis hackers can expect a high success rate targeting popular services.

This high success rate makes credential stuffing attacks harder to combat, because they do not generate such unusual traffic profiles that can be detected via proactive monitoring. Nonetheless there are defenses that can be employed on the basis of monitoring, although it is not clear how successful they are. For that reason, Akamai recommends both that users be encouraged to apply better “credentials hygiene” by not reusing passwords, while also putting pressure on service providers to employ stronger authentication methods.

The problem is that consumers are resistant to having to use multiple passwords, while video services and web sites are reluctant to enforce say two factor security requiring users to hold a secure token or make use of their smart phones as additional factors because that might provoke churn to rivals that do not impose such barriers.

The value for hackers in media industry accounts lies in the potential access to compromised assets, like premium content, along with personal data such as credit card numbers and bank details. “We’ve observed a trend in which criminals are combining credentials from a media account with access to stolen rewards points from local restaurants and marketing the nefarious offering as ‘date night’ packages,” said Steve Ragan, Akamai security researcher and author of the report. “Once the criminals get a hold of the geographic location information in the compromised accounts, they can match them up to be sold as dinner and a movie.”

The USA was by far the top source of credential stuffing attacks against media companies with 1.1 billion in 2019, an increase of 162% over 2018, while India was the most targeted country that year, enduring 2.4 billion attacks with the USA the second most targeted at 1.4 billion.

Akamai has also reported a surge in such malicious login attempts against European video service providers and broadcasters during the first quarter of 2020. Another recent trend showing up during that quarter was a rise in the number of criminals sharing free access to newspaper accounts, reflecting the growth in paywalls in this sector. In those cases credential stuffing campaigns are conducted against the newspaper web sites to steal the working username and password combinations that are then given away for self-promotions by the cybercriminals.

You might also like...

Public Service Broadcasters Juggle Linear And Online To Maximize Coverage

The decline of public service broadcasting has been one of those long running narratives that is sometimes defied by reality, like the death of the set top box.

Field Report: NewTek Spark Plus 4K

NDI (Network Device Interface) is a free protocol for Video over IP, developed by NewTek. The key word is “free.”

NAB 2021 Cancelled

NAB have announced the show scheduled for October 2021 has been cancelled.

TV Stations Coping With Severe Weather But Keep The Reports Coming

Violent weather storms are wreaking havoc on the East Coast of the U.S. and radio and TV stations there are struggling to get the life-saving news out. In the past two months alone storms have knocked out TV antenna…

PTP V2.1 – New Security & Monitoring For IP Broadcast Infrastructures - Part 1

Timing accuracy has been a fundamental component of broadcast infrastructures for as long as we’ve transmitted television pictures and sound. The time invariant nature of frame sampling still requires us to provide timing references with sub microsecond accuracy.