Introduction
Between January 1, 2018, and December 31, 2019, Akamai recorded more than 88 billion credential stuffing attacks across all industries. When we look specifically at the media sector, which includes streaming media, television networks, cable networks, broadcasting, and even digital publishing and advertising, that number is about 17 billion, or about 20% of all attacks.
In our previous media report, we wrote that media organizations were among the biggest targets of credential stuffing, and here we see continuing support of this observation. In large part, the public visibility of media companies makes them the target of attacks more frequently than most other verticals.
Year over year, there was a 63% increase in credential stuffing attacks in the video media sector when we examine data for 2018 and 2019. Some of this growth is due to new visibility. With more customers and customer assets (i.e., hostnames) being added to the fold, it shows that even with a vast amount of visibility, we’re only scratching the surface when it comes to the attacks we’re seeing.
Criminals realize the resale value of accounts in the media industry and that the personal data those accounts contain is useful, too. That data can be collected and resold as a sort of “value-add” proposition to the compromised media assets.
For example, a compromised pizza account with reward points (enabling free food delivery) is combined with a compromised streaming media account in the same location and sold to people in those areas, often at a markup.
These “date-night” offers are pre-packaged and leverage a number of data points, all of which come from examining the compromised source.
The same thing happens with money laundering. Criminals will take a person’s identity, match it to compromised financial accounts, and verify their location and other data points by looking at what’s in their streaming media profiles. If the media platform’s data (address, name, and access locations) matches the compromised personal information, as well as the records on their financial accounts, then the criminal has all the information needed to acquire proxy services or remote desktop access in the general geographic region. Doing so enables them to slip past some of the more basic defenses and is a key element to many account takeover scams.
In this report, we examine the attack trends in the media sector over a 24-month period, as well as what organizations are seeing on a continual basis. The data shows that credential stuffing attacks and account takeover activity in the media industry continue to grow at a steady pace, without any signs of slowing in the near future.