Image: anyaberkut, Getty Images/iStockPhoto

There was a large spike in malicious login attempts against European video service providers and broadcasters during the first quarter of 2020, a newly-released report from digital platform provider Akamai found.

“One attack in late March, after many isolation protocols had been instituted, directed nearly 350,000,000 attempts against a single service provider over a 24-hour period,” according to Akamai’s 2020 State of the Internet/Credential Stuffing in the Media Industry report.

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

“Separately, one broadcaster well known across the region, was hit with a barrage of attacks over the course of the quarter with peaks that ranged in the billions,” the report said.

The number of criminals sharing free access to newspaper accounts was another trend observed during the first quarter of 2020, Akamai said. “Often offered as self-promotional vehicles, credential stuffing campaigns must still be initiated in order to steal the working username and password combinations that are given away,” the company said.

Credential stuffing is a technique that attackers use to take over user accounts through automated web injection, according to the Open Web Application Security Project (OWASP).

Akamai researchers also observed a decline in the cost of stolen account credentials over the course of the quarter, which traded for about $1 to $5 at the start and $10 to $45 for package offers of multiple services. Those prices fell as new accounts and lists of recycled credentials populated the market.

The end of passwords: Industry experts explore the possibilities and challenges (TechRepublic)

Akamai also found that the media industry suffered 17 billion credential stuffing attacks between January 2018 and December 2019.

Twenty percent of the 88 billion total credential stuffing attacks observed during the reporting period targeted media companies, Akamai said.

Image: Akamai

The huge uptick in on-demand content is a factor

Media companies are an attractive target for criminals and saw a 63% year-over-year increase in attacks against the video media sector, the report said. Additionally, there were 630% and 208% year-over-year increases in attacks against broadcast TV and video sites, respectively. At the same time, attacks targeting video services are up 98%, while those against video platforms dropped by 5%.

“The marked uptick in attacks aimed at broadcast TV and video sites appear to coincide with an explosion of on-demand media content in 2019,” Akamai said. “In addition, two major video services launched last year with heavy support from consumer promotions. These types of sites and services are well aligned to the observed goals of the criminals who target them.”

SSL Certificate Best Practices Policy (TechRepublic Premium)

Much of the value in media industry accounts lies in the potential access to both compromised assets, like premium content, along with personal data according to Steve Ragan, Akamai security researcher and the report’s author, in a statement. “We’ve observed a trend in which criminals are combining credentials from a media account with access to stolen rewards points from local restaurants and marketing the nefarious offering as ‘date night’ packages.”

Once the criminals get access to the geographic location information in the compromised accounts, they can match them up to be sold as dinner and a movie, Ragan said.

Published content also a target

But video sites are not the sole focus of credential stuffing attacks within the media industry. The report notes a staggering 7,000% increase in attacks targeting published content. Newspapers, books and magazines are also prime targets of cybercriminals, indicating that media of all types appear to be fair game when it comes to these types of attacks, Akamai said.

The United States was by far the top source of credential stuffing attacks against media companies with 1.1 billion in 2019, an increase of 162% over 2018, according to the report. France and Russia were a distant second and third with 393 million and 243 million attacks, respectively.

A passwordless future: How security keys and biometrics are taking over (TechRepublic)

India was the most targeted country in 2019, enduring with 2.4 billion credential stuffing attacks. It was followed by the United States at 1.4 billion and the United Kingdom at 124 million.

“As long as we have usernames and passwords, we’re going to have criminals trying to compromise them and exploit valuable information,” Ragan explained. “Password sharing and recycling are easily the two largest contributing factors in credential stuffing attacks.”

This reinforces why awareness programs explaining the risks related to shared and recycled passwords are so important, the report said. “In addition, there is a serious need for stronger authentication methods, such as multi-factor authentication, which will further protect accounts from attack.”