Black market for stolen streaming accounts thriving

By Dylan Bushell-Embling
Monday, 30 March, 2020

Black market for stolen streaming accounts thriving

The proliferation of entertainment streaming services such as Netflix, Disney+ and Apple Music has created a lucrative new market for attackers, who are stealing valid credentials and selling them at heavy discounts on the dark web, according to Proofpoint.

An analysis into the growing black market for stolen streaming credentials by the cybersecurity company shows that a mature, thriving online market has emerged for stolen streaming credentials.

Proofpoint's research found that attackers are using three main methods to harvest compromised credentials.

The first includes malware attacks including keyloggers and other information extraction tools, Proofpoint said. This malware is often concealed in files or masked to look like legitimate applications to evade detection from users.

Attackers are also using credential phishing attacks such as sending out spoofed emails claiming there is an issue with a prospective victim's streaming account, and asking them to click a link to correct the issue.

These links lead to sites designed to mimic the official streaming site — often near perfect copies of the original — that use login pages to harvest credentials. Sites will often also implement credit card entry pages to try to steal a victim's credit card information at the same time.

The third method involves using previously compromised login details from other sites to attempt to catch out victims who re-use their passwords across multiple sites.

Proofpoint said many Australian victims of such an attack may not even be aware that their streaming details have been stolen and sold and are being used by somebody else for free.

Related News

ZeroLogon vulnerability being actively exploited

Microsoft has warned that attackers are attempting to actively exploit the ZeroLogon escalation...

NAB bolsters cybersecurity with bug bounty

NAB, in partnership with Bugcrowd, has launched a cyber bug bounty program, with a reward for...

Rising cyber attacks drive APAC managed security spend

GlobalData predicts that managed security services revenue in the APAC region will reach $17...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd