Security Market Segment LS
Thursday, 16 July 2020 19:11

Credential stuffing attacks on media industry soar: Akamai

Credential stuffing attacks on media industry soar: Akamai Courtesy Akamai

Content delivery network Akamai claims media companies are a growing target for credential stuffing attacks during which cyber criminals use automated tools to use stolen login information to gain access to accounts.

In a statement on Thursday, Akamai said in a report titled Akamai 2020 State of the Internet / Credential Stuffing in the Media Industry, that the media industry suffered 17 billion credential stuffing attacks between January 2018 and December 2019.

The report said that about one-fifth of the 88 billion credential stuffing attacks observed during the reporting period targeted media companies. Publication of the report, which normally appears in April, was put off to July due to the coronavirus pandemic.

Akamai said media companies presented an attractive target for criminals and reported a 63% year-on-year increase in attacks against the video media sector.

The report also showed 630% and 208% year-on-year increases in attacks against broadcast TV and video sites, respectively. At the same time, attacks targeting video services were up 98%, but those against video platforms dropped by 5%.

akamai credentials

The company said the rise in attacks on broadcast TV and video sites appeared to coincide with an explosion of on-demand media content in 2019.

Apart from this, two major video services launched last year with heavy support from consumer promotions. These types of sites and services were claimed to be well aligned to the observed goals of the criminals who target them.

Akamai security researcher Steve Ragan said much of the value in media industry accounts lay in the potential access to both compromised assets, like premium content, along with personal data.

akamai credential2

Ragan, who authored the report, said: "We've observed a trend in which criminals are combining credentials from a media account with access to stolen rewards points from local restaurants and marketing the nefarious offering as 'date night' packages.

"Once the criminals get hold of the geographic location information in the compromised accounts, they can match them up to be sold as dinner and a movie."

However, the report said video sites were not the sole focus of credential stuffing attacks within the media industry. It noted that there was a 7000% increase in attacks targeting published content.

akamai credential3

Newspapers, books and magazines were said to lie squarely within the sights of cyber criminals, indicating that media of all types are fair game for such attacks.

Given its size, the US was the top source of credential stuffing attacks against media companies with 1.1 billion in 2019, an increase of 162% over 2018. France and Russia were a distant second and third with 393 million and 243 million attacks, respectively.

India, was the most targeted country in 2019, suffering 2.4 billion credential stuffing attacks. It was followed by the US at 1.4 billion and the UK at 124 million.

akamai credential4

Said Ragan: "As long as we have usernames and passwords, we're going to have criminals trying to compromise them and exploit valuable information.

"Password sharing and recycling are easily the two largest contributing factors in credential stuffing attacks. While educating consumers on good credential hygiene is critical to combating these attacks, it's up to businesses to deploy stronger authentication methods and identify the right mix of technology, policies and expertise that can help protect customers without adversely impacting the user experience."

Screenshots: courtesy Akamai

Subscribe to Newsletter here

WEBINAR 12 AUGUST - Why is Cyber Security PR different?

This webinar is an introduction for cyber security companies and communication professionals on the nuances of cyber security public relations in the Asia Pacific.

Join Code Red Security PR Network for a virtual conversation with leading cyber security and ICT journalists, Victor Ng and Stuart Corner, on PR best practices and key success factors for effective communication in the Asian Pacific cyber security market.

You will also hear a success story testimonial from Claroty and what Code Red Security PR has achieved for the brand.

Please register here by 11 August 2020 and a confirmation email, along with instructions on how to join the webinar will be sent to you after registration.

Aug 12, 2020 01:00 PM in Canberra, Melbourne, Sydney. We look forward to seeing you there!



It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.





Guest Opinion

Guest Interviews

Guest Reviews

Guest Research & Case Studies

Channel News