A survey from Akamai Technologies found that credential stuffing attacks on the media industry have increased in the last two years. According to the survey report “Akamai 2020 State of the Internet / Credential Stuffing in the Media Industry,” 20% of the 88 billion total credential stuffing attacks were reported on media and video streaming companies, with 17 billion attacks reported between January 2018 and December 2019. The report also found a 63% year-over-year increase in attacks against the media sector, followed by broadcast TV (630%) and video sites (208%).
A Common Ground for Cybercriminals
A staggering 7,000% increase was reported in credential stuffing attacks on published content such as newspapers, books, and magazines. India was the most targeted country in 2019, with 2.4 billion credential stuffing attacks followed by the U.S. with 1.4 billion attacks, and the U.K. with 124 million. The U.S. was the primary source of credential stuffing attacks against media companies with 1.1 billion in 2019, an increase of 162% over 2018. France and Russia stood second and third with 393 million and 243 million attacks, respectively.
There was a major rise in malicious login attempts against European video service providers and broadcasters in Q1 2020. The number of cybercriminals sharing free access to newspaper accounts also increased during the same period.
Steve Ragan, security researcher at Akamai, said, “We’ve observed a trend in which hackers are combining credentials from a media account with access to stolen rewards points from local restaurants, and marketing the nefarious offering as date night packages. Once the criminals get a hold of the geographic location information in the compromised accounts, they can match them up to be sold as dinner and a movie.”
“As long as we have usernames and passwords, we’re going to have criminals trying to compromise them and exploit valuable information. Password sharing and recycling are easily the two largest contributing factors in credential stuffing attacks. While educating consumers on good credential hygiene is critical to combating these attacks, it’s up to businesses to deploy stronger authentication methods and identify the right mix of technology, policies, and expertise that can help protect customers without adversely impacting the user experience,” Ragan added.