Q1 2024
The surge in popularity of streaming services, including YouTube, Netflix, Disney+, and HBO Max, has caught the attention of threat actors seeking monetary gain through cyber attacks. These fraudsters are driven by an efficient effort-to-attack ratio, which influences how much they earn overall. As a result, streaming platforms are now confronted with threats from both malicious bots and human-based attacks. This challenge is expected to persist, particularly with streaming revenue projected to reach $115 billion by 2026. Fraud should no longer be considered an acceptable cost of doing business.
This industry brief utilizes data from our comprehensive bot abuse analysis, focusing on the top attack vectors in the streaming sector during Q1, Q2, and Q3 2023. It seeks to provide data-driven insights on attacks in this industry, offering effective detection and prevention strategies. Insights are drawn from the Arkose Labs Global Intelligence Network, which includes major corporations and category leaders. These entities, prime targets for cyber threats, provide a unique perspective for monitoring and analyzing activities.
Attack type by industry in H1 2023:
We analyzed billions of sessions worldwide across industries, between January 2023 and September 2023, and assessed three primary attack vectors fraudsters use to launch various attacks. In sum, these methods generated billions of attacks in the first half of 2023 and into Q3, comprising 73% of website and app traffic measured. That means almost ¾ of web traffic to digital properties is malicious.
In the streaming sector, criminals dedicate substantial time and resources to activities such as account takeovers, web scraping, and other fraudulent endeavors. But when faced with robust site protection, bad actors can no longer achieve the economic gains they seek and ultimately move on. This principle underlies the core philosophy of Arkose Labs—making attacks too costly for adversaries to persist.
The Bad Side of Bots
Efficiency is a top priority for cybercriminals, as it directly influences their monetary gains. Malicious bots are key to empowering fraudsters in carrying out targeted and well-crafted attacks on streaming enterprises. Notably, a whopping 61% of web traffic in streaming services is attributed to bad bots.
The percentage of traffic by industry that comes from bad bots:
Between Q1 2023 and Q2 2023, intelligent bot traffic experienced a nearly fourfold increase. This growth outpaced that of basic bots and played a pivotal role in the overall surge of approximately 167% in bot attacks during the same period.
While the prevalence of automated threats is a concern, there has also been a marked 26% uptick in human-based attacks during Q3. When malicious bots fail to make it past security defenses, threat actors turn to human fraud farms to complete their mission. This move comes at a significant human cost, often involving forced labor.
The bot issue accounts for 61% of streaming traffic, while human-based attacks have seen a notable increase of 26% in Q3 compared to the preceding quarter. Due to the financial incentives associated with these attacks, and the volume of sensitive data at risk, streaming services are now deemed high-value targets.
Beating these adversaries demands technology that dynamically targets human solvers and applies adaptive, time-consuming challenges. With this capability in place, global gaming organizations can defeat the economics behind attacks that exploit human labor at scale.
Concerning Trends and Crimes in Streaming Services
The surge in popularity of streaming services has given rise to a variety of attacks, including account takeover (ATO). Cybercriminals lure consumers in with low subscription prices, presenting a bogus alternative to official streaming service providers. These scams may take the form of one-time payments or recurring fees, creating a facade of legitimacy. Research highlights that some 73% of consumers hold brands accountable for ATO attacks and the protection of account credentials.
The modus operandi of these fraudsters involves obtaining credentials, such as usernames and passwords, from the dark web. This information is then sold to other individuals with the caveat not to change the login details, a move that allows attackers to maintain control over compromised accounts. These ATOs not only impact streaming platforms financially but also pose risks of personal information misuse and strain platform resources, affecting service quality for paying subscribers.
Another concern in streaming is the rise of web scraping, where automated bots extract data from platforms, jeopardizing service integrity. This practice has become one of the top five attacks across industries, witnessing a substantial 432% increase from Q1 to Q2 of 2023, which makes it the fastest growing attack type.
In Q3, scraping maintained its position as one of the top five attacks deployed by fraudsters, notably rising by 11% in the second quarter and posing new challenges. All instances of scraping attacks were executed by automated bots.
Content pirates frequently use scraping to gather valuable information such as user preferences, viewing habits, and content availability. This unauthorized extraction not only compromises user privacy but also has broader implications for streaming platforms in curating and delivering content effectively.
Two Cyber Threats Driving Bot Attacks in Streaming Services
Two technology trends, influenced by powerful economic forces, are driving the surge in bot and human fraud farm attacks:
1. Generative AI (GenAI)
Fraudsters exploit GenAI to conduct scraping on streaming platforms by creating intelligent bots that mimic authentic user behavior, adapt to security measures, and generate realistic profiles. These bots evade rate-limiting mechanisms, dynamically adjust to changes in the platform's structure, and engage in social engineering tactics using contextually relevant messages. This enables them to seamlessly blend with legitimate users, making detection challenging for streaming platforms.
2. Cybercrime-as-a-Service (CaaS)
This model, which involves the outsourcing of sophisticated tools and services to cybercriminals, plays a pivotal role in fueling the surge of bot and human fraud farm attacks on streaming services. The CaaS model enables bad actors to access these resources without demanding in-depth technical expertise. By leveraging these marketplaces, attackers can efficiently scale their operations, deploying large volumes of both automated bots and human-driven fraud.
Human fraud farms, often organized and managed by cybercriminals, engage in activities like fake account creation and social engineering attacks, while automated bots perform tasks such as data scraping and credential stuffing. The convenience and accessibility provided by the CaaS model contribute greatly to the increased frequency and scale of attacks on streaming services.
Industry Benchmarks
In the first half of 2023, nearly every industry experienced an increase in the number of attacks.
The Growing Scourge of Attacks
Attack Type Breakdown by Industry in H1 2023
Arkose Labs Can Help
Arkose Labs safeguards businesses by disrupting the financial incentives driving bot attacks. Our long-term bot mitigation and account security solutions focus on protecting critical user touch-points: account login and registration. By identifying hidden attack signals and undermining attackers' return on investment, we enhance security without compromising user experience.
Our unique platform, Arkose Bot Manager, analyzes user session data to assess context, behavior, and reputation, classifying traffic based on risk profiles. Suspicious traffic faces enforcement challenges, distinguishing between legitimate users and fraudsters to block automated activities and ensure a secure consumer experience.