Friday 29 Mar 2024
By
main news image

KUALA LUMPUR (July 16): The media industry suffered 17 billion credential stuffing attacks between January 2018 and December 2019, according to US-based cybersecurity company Akamai Technologies Inc.

Nasdaq-listed Akamai, in its latest 2020 State of the Internet report, said it found 20% of total total credential stuffing attacks of 88 billion observed during the reporting period targeted media companies.

Credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords are used to gain unauthorised access to user accounts through large-scale login requests directed against a web application.

Akamai said media companies present an attractive target for criminals.

According to the report, there was a 63% year-on-year (y-o-y) increase in attacks against the video media sector.

The report also showed 630% and 208% y-o-y increases in attacks against broadcast television and video sites respectively. Attacks targeting video services were up 98%, while those against video platforms dropped by 5%, it noted.

Akamai security researcher and author of the report Steve Reagan said much of the value of media industry accounts lies in potential access to both compromised assets, like premium content, along with personal data . 

“We’ve observed a trend in which criminals are combining credentials from a media account with access to stolen reward points from local restaurants and marketing the nefarious offering as ‘date night’ packages.

“Once the criminals get a hold of the geographic location information of the compromised accounts, they can match them up to be sold as dinner and a movie,” he explained in the report.

Akamai observed a staggering 7,000% increase in attacks targeting published content. Newspapers, books and magazines sit squarely within the sights of cybercriminals, indicating that media of all types appear to be fair game when it comes to such attacks.

The US was the top source of credential stuffing attacks against media companies with 1.1 billion in 2019, an increase of 162% over 2018.

France and Russia came in second and third with 393 million and 243 million attacks respectively.

Akamai said the most targeted country in 2019 was India with 2.4 billion credential stuffing attacks. This was followed by the US at 1.4 billion and the UK at 124 million.

“As long as we have usernames and passwords, we’re going to have criminals trying to compromise them and exploit valuable information,” Reagan explained.

“Password sharing and recycling are easily the two largest contributing factors in credential stuffing attacks. While educating consumers on good credential hygiene is critical to combating these attacks, it’s up to businesses to deploy stronger authentication methods and identify the right mix of technology, policy and expertise that can help protect customers without adversely impacting user experience," he said.

Publication of the report was delayed as a result of the Covid-19 pandemic, allowing Akamai to include first-quarter (1Q20) data in it.

For 1Q20, there was a large spike in malicious login attempts against European video service providers and broadcasters, and an increase in the number of criminals sharing free access to newspaper accounts.

Akamai also noted a decline in the cost of stolen account credentials over this quarter as prices fell with new accounts and lists of recycled credentials populated the market. 

      Print
      Text Size
      Share