Broadcasters Hit By Sharp Rise In Credentials Stuffing Attacks

Broadcasters and video service providers have become ever more attractive targets of credential stuffing attacks for cyber criminals seeking both content and subscribers’ personal details.

The media industry as a whole was subjected to 17 billion credential stuffing attacks over the two years between January 2018 and December 2019, accounting for a fifth of the 88 billion global total, according to a report just out from leading CDN (Content Delivery Network) provider Akamai.

Broadcast TV and video web sites experienced particularly strong rises in attacks, enduring respectively 630% and 208% year-over-year increases between 2018 and 2019. Attacks against video services rose less dramatically but still substantially by 98%, while those against online video platforms actually fell by 5%. The latter, including YouTube and Facebook Live, are less attractive targets because a lot of their content is free anyway and it includes shared material less attractive to pirates.

The Akamai 2020 State of the Internet / Credential Stuffing in the Media Industry report found that this steep rise in attacks against video sites and especially broadcast TV coincided with an explosion of on-demand media content in 2019. “In addition, two major video services launched last year with heavy support from consumer promotions. These types of sites and services are well aligned to the observed goals of the criminals who target them,” according to the report.

Credential stuffing attacks are not to be confused with credential cracking, which applies large scale brute force automated login requests where credentials are guessed. Such attacks are less successful and easier to protect against.

Credential stuffing attacks occur because so many consumers use the same combinations of username and password for accessing multiple services and web sites. This enables cybercriminals to apply credentials stolen from one web site in malicious login attempts against others with a relatively high success rate. Roughly 80% of consumers use the same password for at least two accounts while about 25% do so for virtually all their accounts, so on that basis hackers can expect a high success rate targeting popular services.

This high success rate makes credential stuffing attacks harder to combat, because they do not generate such unusual traffic profiles that can be detected via proactive monitoring. Nonetheless there are defenses that can be employed on the basis of monitoring, although it is not clear how successful they are. For that reason, Akamai recommends both that users be encouraged to apply better “credentials hygiene” by not reusing passwords, while also putting pressure on service providers to employ stronger authentication methods.

The problem is that consumers are resistant to having to use multiple passwords, while video services and web sites are reluctant to enforce say two factor security requiring users to hold a secure token or make use of their smart phones as additional factors because that might provoke churn to rivals that do not impose such barriers.

The value for hackers in media industry accounts lies in the potential access to compromised assets, like premium content, along with personal data such as credit card numbers and bank details. “We’ve observed a trend in which criminals are combining credentials from a media account with access to stolen rewards points from local restaurants and marketing the nefarious offering as ‘date night’ packages,” said Steve Ragan, Akamai security researcher and author of the report. “Once the criminals get a hold of the geographic location information in the compromised accounts, they can match them up to be sold as dinner and a movie.”

The USA was by far the top source of credential stuffing attacks against media companies with 1.1 billion in 2019, an increase of 162% over 2018, while India was the most targeted country that year, enduring 2.4 billion attacks with the USA the second most targeted at 1.4 billion.

Akamai has also reported a surge in such malicious login attempts against European video service providers and broadcasters during the first quarter of 2020. Another recent trend showing up during that quarter was a rise in the number of criminals sharing free access to newspaper accounts, reflecting the growth in paywalls in this sector. In those cases credential stuffing campaigns are conducted against the newspaper web sites to steal the working username and password combinations that are then given away for self-promotions by the cybercriminals.

You might also like...

TV Industry Can Claw Back $28 Billion Per Year From Sports Pirates

The TV industry, including pay TV operators, rights holders and new streaming providers, could recoup $28.3 billion a year from pirates by luring consumers back to legitimate video services.

MovieLabs Updates Enhanced Content Protection Specification

MovieLabs has released the latest Version 1.3 of its enhanced content security specifications for 4K, HDR and premium window content, with additional guidance on disabling debugging interfaces and handling security software updates.

The Sponsors Perspective: Protecting Content Is A Never-Ending Battle

For content providers (studios, content owners, content aggregators, or other content licensors) and their licensees (affiliates) operating in a multiplatform world - and pirates looking to obtain illegal access to the most popular content - it’s an unrelenting game o…

Essential Guide: Protecting Premium Content OTT & VOD Distribution

The complexity of modern OTT and VOD distribution has increased massively in recent years. The adoption of internet streaming gives viewers unparalleled freedom to consume their favorite live and pre-recorded media when they want, where they want, and how they…

Ultra HD Forum Announces Watermarking API

The Ultra HD Forum has confirmed launch of its first API for forensic watermarking before the end of 2020.