Streaming services are increasingly being attacked by hackers

Over the year, the number of bot attacks on media platforms, including streaming services, increased by 30%. Bots are used by pirates to create illegal copies of films and TV series. Experts say existing methods for blocking bot activity “are not always effective.” Meanwhile, because of them, technical downtime may occur on services, leading to an outflow of users. Attackers can also use them to guess passwords for user accounts that have a paid subscription.

The number of bot attacks has increased on Russian media platforms and online cinemas, Servicepipe (a provider of protection against network cyber attacks) told Kommersant. In January 2024, the number of bot attacks on online cinemas increased by 30% compared to January 2023, analysts estimate. Servicepipe explains that bots, on the one hand, access platform sites under the guise of ordinary users and steal content. For example, they record screens while watching movies, thus creating pirated copies. The company notes that bots carry out similar attacks on foreign services using a VPN to log in, for example, on Netflix.

At the same time, bots learn quickly and are currently already effectively bypassing blockages, clarifies Daniil Shcherbakov, Deputy General Director of Servicepipe. Cases of account theft have also become more frequent. “Bots quickly recreate the user’s data by guessing the username and password and log into the account with a paid subscription,” he says.

An attack to brute-force a user’s login and password, also known as a “brute force attack,” is one of the most common types of cyber attacks, Informzashita confirms. You can combat this, for example, by introducing two-factor identification. As for bots that steal content, the situation here is more complicated, the company says. “They behave like ordinary users, go to the website of a streaming service, select the desired content and simply “watch” it, but at the same time record video from the screen, which makes it difficult to find such bots among ordinary users and block them,” explains an expert from the counteraction department. cyber threats “Informzashita” Anatoly Peskovsky.

Now these are the most popular vectors of attacks on online cinemas, Qrator Labs confirms: “The key is attempts to log into your account, because the content of interest is only available by subscription. Also, there are attempts to mass register new accounts with subscription payments using stolen data from other people’s payment cards.”

The use of bots by pirates is also confirmed by the hosting provider RUVDS: at first they were used in primitive schemes to create “dirty traffic” – simulating a visit to a particular page. Then, when technology made it possible to create bots with elements of artificial intelligence (AI), everyone was faced with a new round of their illegal use, says RUVDS CEO Nikita Tsaplin: “In some cases, a bot can easily bypass blocking and “prove that it is a person.”

In 2023, media holdings experienced increased piracy of their own content. The number of references to it included in the register as part of the anti-piracy memorandum at the end of 2023 exceeded 89 million, while in January 2022 the figure was 76.5 million (see Kommersant of January 26).

However, the services themselves do not explain what technical means the pirates use. Premier and Kinopoisk declined to comment; Start and Wink did not respond to Kommersant. “There has been no recorded increase in bot activity on KION over the past year,” the online cinema told Kommersant.

When talking about risks, it is worth considering primarily financial ones, notes Mikhail Sukhov, head of the security analysis department at Angara Security. The activity of bots can lead to service downtime, which will provoke an outflow of customers from online cinemas, and also threaten reputational damage, the expert warns: “Directly hijacking user accounts through password guessing is a problem for services that do not have forced second-factor authentication.” As the expert notes, to reduce risks, you should use services with two-factor authentication and do not avoid it when registering.

Tatiana Isakova, Yulia Yurasova