There are multiple factors that make OTT platforms vulnerable to cyber risks. Similarly, there are multiple possible ways to manage these risks.
By Jagdish Mahapatra
In the past few years, over-the-top (OTT) services, or digital video and TV streaming services, have witnessed a rapidly expanding customer base globally. In India, there was a 30% rise in paid subscribers, from 22.2 million to 29 million, between March and July 2020 alone, owing to lockdowns and quarantine measures across the country that led to a temporary closure of multiplexes and entertainment theatres.
However, as OTT service providers continue to grow their customer base, there are some associated challenges to consider. These include the safety of the customer data stored in their applications and the threats lurking in the unmanaged devices used for streaming. The size of the market and the multiple endpoints being used give malicious cyber actors an opportunity to exploit vulnerabilities in web and mobile-based OTT applications for financial gain. There are multiple factors that make OTT platforms vulnerable to cyber risks. Similarly, there are multiple possible ways to manage these risks.
Data privacy
One of the greatest threats to privacy and personally identifiable information (PII) today comes in the form of data breaches. Extremely personal data is often used to hack into financial records.
OTT platforms hold customers’ login credentials and personal details such as name, email address and phone number, along with credit card and bank account information for subscription purposes. The theft of such credentials constitutes a data breach, and the most common outcome of these breaches is that the personal information is sold or released in the public domain.
What could make OTT services even more vulnerable is if users access this data through unsecured networks and devices. Passwords can often be shared among multiple users across multiple devices. Once the hackers gain access to login credentials they can use customers’ financial data to make fraudulent purchases or sell the information further. Media and entertainment services have always been a prime target for cybercriminals. In 2018, there were 30 billion login attempts using stolen credentials, and streaming media were among the top sectors that were breached.
OTT platforms need to recognize these threats immediately and take steps to safeguard user data as well as educate their user base about how to remain secure. Hackers are always on the lookout to exploit apps where huge volumes of personal user data are being housed including OTT platforms. Since they are growing in popularity, they may well be on the radar of malicious attackers.
Ransomware
We all know it’s been around for years, and we think we might have heard everything there is to know about it, but it remains cyber criminals’ weapon of choice. In fact, globally this year, there have been 1,161 Big Game Hunting incidents – ransomware targeting large enterprise-sized businesses – an average of 44.65 targeted ransomware events per week. Besides, there has been an estimated USD164 million in ransom demands with an average cost of USD6.3 million.
Ransom demands along with their accompanying threats to leak victim data if unpaid have been observed by our intelligence team as the most prominent e-Crime trend in 2020. Criminals also launch distributed denial-of-service (DDoS) attacks to disrupt businesses and hold them to ransom. Web servers are easy targets for DDoS attackers. When they take control of the web link they can launch the attack on the streaming service and shut down their services if ransom demands aren’t met.
Recently, there have also been additional shifts and evolution in ransomware. Adversaries are looking for new monetization schemes and ways to increase their returns. They think, they act, and they refine their businesses. E-Crime actors are developing ransomware-as-a-service (RaaS) business models, providing ransomware toolkits to third-party threat actors in return for a cut of the ransom. Also, e-Crime actors are beginning to employ double extortion techniques, demanding additional fees on top of a ransom with the threat of either releasing the data publicly or selling it to the highest bidder. This can become a real problem for OTT providers. Ransomware attacks have been steamrolling over industries and hitting organisations, and there is no doubt they will keep targeting vulnerable businesses offering lucrative rewards.
Content piracy
Recently, a Netflix exclusive film, ‘Mimi’ was released four days prior to its scheduled release date because its pirated copy was leaked on the web. Once the content is pirated it can be copied and distributed. Users get access to the videos and films easily on social media where download links are shared for free to users who have found the channel.
In such cases, the OTT services partner suffers losses as it is no longer the sole source of the exclusive content. On the other hand, the websites hosting pirated content end up monetizing it. A Bloomberg report found that pirated entertainment sites make around USD1.3 billion from advertising each year by hosting illegally acquired movies and TV shows.
Another challenge for OTT platforms is live streaming. During the recently held Tokyo Olympics, Sony Pictures had to file a petition in the Delhi High Court seeking the removal of all unauthorized links live streaming the event. Stringent security measures are needed to curb piracy, as its business impact is significantly high. According to reports, streaming services and sporting event rights holders lost nearly USD28.3 billion due to online piracy in 2020.
OTT service providers must practice good cyber hygiene and prevention measures to stay ahead of threats. This includes educating all team members on strong password protection, multi-factor authentication, always connecting to secure Wi-Fi, and ensuring both office and remote applications are fully patched and up-to-date. The introduction of security tools such as endpoint detection and response (EDR) enables organizations to collect all data from endpoints, providing surveillance-like observability to proactively scan for environmental threats.
The 1-10-60 rule must be followed – where cyber attacks are detected in less than one minute, investigated in 10 minutes, and eliminated in 60 minutes. Organizations meeting this framework are more likely to stop the attack from spreading to the entire network as adversaries tend to deploy ransomware laterally.
It is now more pertinent than ever for businesses to invest in preventative measures and cloud-native security solutions. These can provide the scale and simplicity needed to keep pace with evolving attacks on OTT services.
Mahapatra is Vice President - Asia, CrowdStrike