"Your Streaming Service Is Fertile Ground for Bot Attacks"
Streaming services have become increasingly attractive targets in the launch of malicious bots by cybercriminals to steal customer account information. Customers often use easier password combinations for streaming services because these services do not hold a lot of personal data. A study conducted by the Pew Research Center found that 39 percent of people use the same or similar passwords for multiple online accounts. Therefore, if a consumer's sign-in credentials are stolen from a streaming service and those credentials are also used for a bank account, the hacker then has access to sensitive data and the ability to steal money. Hackers perform Account Takeover (ATO) attacks to infiltrate online accounts. In ATO attacks, malicious actors typically gain access to accounts through the use of automatic credential stuffing and credential cracking attack techniques. The likelihood of success for username and password combination testing across multiple sites is increased when hackers use bots. A bot can try different combinations at a much higher rate than humans could. In a recent attack against a streaming service, nearly 300,000 unique username and password combinations were attempted in just over five hours, during which the hackers successfully harvested 1,500 combinations. Malicious bots are also used to create fake accounts in the targeting of streaming services. Cybercriminals can use this tactic to generate spam and abuse new account promotions. This article continues to discuss how bots are used in attacks targeting streaming services and how malicious bot attacks can be prevented.
Security Magazine reports "Your Streaming Service Is Fertile Ground for Bot Attacks"