Akamai: Media Industry Bombarded By Credential Stuffing Attacks (CDSA)

Between January 2018 and last December, the media industry was bombarded with approximately 17 billion credential-stuffing attacks, with cybercriminals constantly testing content companies’ security with compromised user credentials to breach systems.

That’s according to a new report from edge platform specialist Akamai, which found a full 20% of all 88 billion credential stuffing attacks observed during that period were geared toward the media and entertainment sector, showing just how lucrative premium content assets and personal data are to cyber thieves.

“We’ve observed a trend in which criminals are combining credentials from a media account with access to stolen rewards points from local restaurants and marketing the nefarious offering as ‘date night’ packages,” said Steve Ragan, Akamai security researcher and author of the “State of the Internet/Security” report. “Once the criminals get a hold of the geographic location information in the compromised accounts, they can match them up to be sold as dinner and a movie.”

Akamai’s report noted a 63% year-over-year increase in attacks against the video media, 630% and 208% year-over-year increases in attacks against broadcast TV and video sites, respectively, and attacks targeting video services up 98%. The growth in this type of cyberattack meshes with the recent explosion in on-demand media content offerings, which also coincides with major video services offering major consumer promotions, attracting both paying consumers and the cyber criminals looking to exploit them.

When it comes to media-specific credential stuffing attacks, it was not surprise that the U.S. came in at No. 1, according to Akamai’s data, with 1.1 billion attacks against M&E firms in 2019, up 162% year over year. India was No. 1 in all credential stuffing attacks, regardless of industry, in 2019, with 2.4 billion credential stuffing attacks.

“As long as we have usernames and passwords, we’re going to have criminals trying to compromise them and exploit valuable information,” Ragan said. “Password sharing and recycling are easily the two largest contributing factors in credential stuffing attacks.

“While educating consumers on good credential hygiene is critical to combating these attacks, it’s up to businesses to deploy stronger authentication methods and identify the right mix of technology, policies and expertise that can help protect customers without adversely impacting the user experience.”

To access the full report, click here.