According to a new report from Akamai, broadcast TV and video sites saw a 63 per cent year on year increase in cyber criminal attacks.
In its latest 2020 State of the Internet / Credential Stuffing in the Media Industry report, Akamai found that 20 per cent of the 88 billion total credential stuffing attacks observed during the reporting period targeted media companies.
Media companies in particular were a target, with a 63 per cent year-over-year increase in attacks against the video media sector. The report also shows 630 per cent and 208 per cent year-over-year increases in attacks against broadcast TV and video sites, respectively. At the same time, attacks targeting video services are up 98 per cent, while those against video platforms dropped by 5 per cent.
The United States was by far the top source of credential stuffing attacks against media companies with 1.1 billion in 2019, an increase of 162 per cent compared to 2018. France and Russia were a distant second and third with 3.9 million and 2.4 million attacks, respectively.
Overall, India was the most targeted country in 2019, with 2.4 billion credential stuffing attacks. It was followed by the United States at 1.4 billion and the United Kingdom at 124 million.
“As long as we have usernames and passwords, we’re going to have criminals trying to compromise them and exploit valuable information,” said report author Steve Ragan. “Password sharing and recycling are easily the two largest contributing factors in credential stuffing attacks. While educating consumers on good credential hygiene is critical to combating these attacks, it’s up to businesses to deploy stronger authentication methods and identify the right mix of technology, policies and expertise that can help protect customers without adversely impacting the user experience.”
This year’s report was delayed from April to July due to the Covid-19 pandemic. Akamai said the extra time allowed Q1 2020 data to be added to the original report.
Most notably, there was a large spike in malicious login attempts against European video service providers and broadcasters during the first quarter of 2020. One attack in late March, after many isolation protocols had been instituted, directed nearly 350,000,000 attempts against a single service provider over a 24-hour period. Separately, one broadcaster well known across the region, was hit with a barrage of attacks over the course of the quarter with peaks that ranged in the billions.