
Streaming services prime targets for credential stuffing attacks

09 Apr 2019

Video and streaming services are prime targets for cyber attackers who attempt to conduct credential stuffing attacks, according to new research from Akamai.

Credential stuffing is when attackers use automated tools to test if stolen login information works on other websites – it takes advantage of the common poor password practice of using the same login details on multiple websites.

Stolen login credentials could be used for many different purposes – most often they are sold, traded, or harvested for personal information, and are available for sale on the dark web, says Akamai.

“Many accounts compromised via credential stuffing will sell for as little as $3.25 USD. These accounts come with a warranty: If the credentials don’t work once sold, they can be replaced at no cost, which is a service sellers offer to encourage repeat purchases. The reason this service exists is that brands have become increasingly quick to detect compromised accounts and deactivate them,” the report states.

In 2018, three of the largest credential stuffing attacks against streaming services all occurred after reported data breaches. Those attacks ranged from 133 million to 200 million stuffing attempts, suggesting that attackers were testing stolen credentials before selling them on the black market.

"Hackers are very attracted to the high profile and value of online streaming services," explains Akamai director of security technology and strategy, Patrick Sullivan.

"Educating subscribers on the importance of using unique username and password combinations is one of the most effective measures businesses can take to mitigate credential abuse," says Sullivan.

"The good news is that organisations are taking the threat seriously and investigating security defences. Akamai offers its research and best practices to help these organizations who are facing significant brand and financial harm," he adds.

The report lists the United States as the top country of origin for the attacks, followed by Russia, Canada, Vietnam, India, Brazil, Malaysia, Indonesia, Germany, and China. 

The United States is also the top target, followed by India, Canada, Germany, Australia, Korea, China, Gibraltar, the Netherlands, Japan, Italy, France, and Hong Kong. 

Previous Akamai research noted that media, gaming and entertainment companies saw 11.6 billion attacks between May and December 2018.

“Partnering with a solid solutions provider to help detect and stop credential stuffing attacks is the obvious option to defend against such things. But addressing the credential stuffing threat isn’t a simple situation. An organisation needs to ensure a defensive solution is tailored to the business, as criminals will adjust their attacks accordingly to evade out-of-the-box configurations and basic mitigations,” the report states.

“And yet there is more to fixing the problem than a single vendor or set of products. Users need to be educated about credential stuffing attacks, phishing, and other risks that put their account information in jeopardy. Brands should stress the use of unique passwords and password managers to customers and highlight the value of multi-factor authentication. When discussing ATOs and AIO scripts, criminals often complain about the use of multi-factor authentication, which is a particularly effective method of stopping most of their attacks.”

“Constant reinforcement of these solutions, managed the same way any awareness program would, has worked for organisations in the financial and gaming industries.”

Statistics are from Akamai’s State of the Internet / Security: Credential Stuffing: Attacks and Economies – Special Media Report.
