China has become one of the top seven destinations experiencing incidents of credential stuffing, with the top three being the United States, India, and Canada, according to a recent report.
Credential stuffing is the attack where nefarious actors tap automated tools to use stolen login information to gain access to user accounts on other online sites, on the assumption that consumers use the same login and password for multiple services.
The report, released by Akamai Technologies, the world's leading provider of content delivery networks, showed that currently enterprises and institutions from the Asia-Pacific suffer from $28.5 million worth of loss resulting from credential stuffing every year.
In 2018, three of the largest credential stuffing attacks were against online video and music streaming services, ranging in size from 133 million to 200 million attempts. The attacks took place shortly after reported data breaches, indicating hackers were likely testing stolen credentials before selling them.
"Hackers are very attracted to the high-profile online streaming services," said Patrick Sullivan, Akamai's director of security technology and strategy.
Stolen credentials can be used for a host of illicit purposes, not the least of which is enabling non-subscribers to view content via pirated streaming accounts. Compromised accounts are also sold, traded or harvested for various types of personal information, and they are often available for purchase in bulk on the Dark Web, according to Akamai researchers.
"Educating subscribers on the importance of using unique username and password combinations is one of the most effective measures businesses can take to mitigate credential abuse. The good news is that organizations are taking the threat seriously and investigating security defenses," Sullivan added.
Unmesh Deshmukh, vice-president of cloud safety at Akamai Asia-Pacific, said that "current network security protection is not only about enterprises' own business, cloud safety should also be considered. Only the protection combination that targets both can withstand the large-scale, high-volume cyber attack on the internet. Chinese enterprises should be aware of that."