CDSA

Verizon Media Report: Security Breaches Hitting OTT Services Hard

Half of streaming media executives say security breaches have degraded their service’s user experience, a third of respondents say they’ve suffered a service outage due to cyber intrusions, and 14 percent say they’ve content misappropriated at some point.

That’s according to a new, in-depth report from Verizon Media, which tackles the state of security for OTT services, covering whether the success of a service attracts unwanted attention from cybercriminals, whether cyberattacks on services are increasing, and details which vulnerabilities are specific to OTT platforms and technologies.

“As your streaming service grows, it becomes a more attractive target for a cyberattack,” the report — “Protecting Your OTT Streaming Service From Cyberattacks” — opens in its introduction. “With an increase in audience, your store of data expands. Customer payment details, email addresses, physical addresses, names and passwords are a treasure trove difficult for hackers to resist. Also, as you grow, so too does your surface area for attack. A large variety of supported client devices provide a variety of vulnerabilities to exploit.

“Nobody understands the extent of cyberattacks better than Hollywood.”

Credential stuffing attacks on authentication servers can put customer account information into the hands of hackers, cybercriminals will use attacks to exploit vulnerabilities in the application architecture and software code, OTT services aren’t immune from classic distributed-denial-of-service (DDoS) attacks, and phishing attacks aren’t going anywhere, the report noted.

The report estimates as many as three-quarters of cyberattacks leverage application vulnerabilities, with one cybersecurity software company reporting a 40 percent increase in
malicious API traffic during the third week of April 2020 alone, centered around a single weakness, a login API for an Android application. “Streaming services can be particularly vulnerable to application attacks because there are hundreds of messages via APIs between a server and client when setting up and maintaining a video play session,” the report reads. “These interactions allow hackers to install small bits of code on the client or server, which gives them access to data and content.”

On the DDoS front, Verizon Media reported that between the first half of 2019 and 2020, DDoS attacks increased by 151 percent, and the number of attacks sized at least 100 Gbps grew 275 percent in the first half of 2020.

DDoS protection, web application firewalls and bot management are among the top cybersecurity solutions to the report recommends. For DDoS protection, survey respondents said they’re moving from on-premises solutions like data center intrusion prevention to
cloud-based DDoS protection, in order to get the scale needed to protect against the sophistication and duration of modern DDoS attacks. WAFs, meanwhile, help in eliminating application vulnerabilities that hackers exploit, protecting servers by “analyzing HTTP/HTTPS traffic and applying rules to conversations between the server and clients.”

Attackers will use bots to orchestrate DDoS attacks and handle login attempts required for credential stuffing attacks, the report stressed, making a bot management solution important. A majority of respondents said they are moving to cloud proxy as their bot management solution.

“The increasing frequency, severity and sophistication of cyberattacks mean your streaming service is under constant threat,” the report concludes. “Your service is a prime target for
cybercriminals who can easily monetize your customer data and highly desirable content.

“Regardless of the particular security implementation you initially selected, the rapid evolution of cyberattacks may have you wondering if you have adequate protection for your online presence. If you feel there is a gap between your security priorities and your preparedness, it could be time to evaluate new security approaches.”

To access the full report, click here.