Akamai는 가장 신뢰를 받는 세계 최대 규모의 클라우드 전송 플랫폼을 기반으로 고객이 사용하는 장소와 디바이스에
상관없이 안전하고 쾌적한 디지털 경험을 손쉽게 제공할 수 있도록 지원합니다. 전 세계 각지에 촘촘히 분산 배치된
Akamai 플랫폼은 130개 국가에 위치한 20만대의 서버로 구성되어 있으며 고객에게 탁월한 성능을 제공하고 위협을
방어합니다. 웹·모바일 성능 향상, 클라우드 보안, 기업 접속, 비디오 전송 솔루션으로 구성된 Akamai의 솔루션은
우수한 고객 서비스와 24시간 연중무휴 모니터링 서비스를 제공합니다 . 대표적인 금융 기관 , 온라인 유통업체 기업,
미디어·엔터테인먼트 사업자, 정부 기관이 Akamai를 신뢰하는 이유를 알아보려면 Akamai
홈페이지(www.akamai.co.kr), 블로그(blogs.akamai.com/kr)를 방문하거나 Twitter에서
@Akamai를 팔로우하시기 바랍니다. 전 세계 Akamai 연락처 정보는
www.akamai.com/locations에서 확인할 수 있습니다. Akamai 코리아는 서울시 강남구 강남대로 382
메리츠타워 21층에 위치해 있으며 대표전화는 02-2193-7200입니다. 2019년 6월 발행.
통계 및 트렌드
권장• 이중 인증 사용• 비밀번호 보관소 사용
금지• 비밀번호 재사용• 친구들과 인증정보 공유
공격 기법
게임 회사들이 주도할 수 있는 보안 교육 방식
웹 애플리케이션 공격 증가 추세를 보이는 애플리케이션 레이어 공격
놀라운 사실 게임 기업들을 표적으로 삼은 악의적 로그인의 절반 이상을 차지한
러시아가 게임 업계 공격의 단일 공격 발원 국가 1위를 차지
[인터넷 보안 현황 보고서]웹 공격 및 게임 도용
5권, 3호
[인터넷 보안 현황 보고서] 웹 공격 및 게임 도용
5권, 3호
게임 업계의 범죄자 활동
가장 빠르게 성장하는 공격 기법: SQLi
$20 달러
$1.30 달러
평균 월별 공격 건수 (2017년 11월~2018년 12월)
평균 월별 공격 건수 (2019년 1월~2019년 3월)
SQL 인젝션(SQLi)
로컬 파일 인클루전
(LFI)
크로스 사이트 스크립팅
(XSS)
PHP 인젝션(PHPi)
기타리모트 파일 인클루전
(RFI)
계정 탈취 시도의 주요 표적
여러 웹사이트에서 재사용하는 비밀번호
친구들과 공유하는 비밀번호
쉽게 추측 가능한 비밀번호
SQLi를 사용한 웹 애플리케이션 공격 건수(2017년 1분기)
SQLi를 사용한 웹 애플리케이션 공격 건수(2017년 11월~2019년 3월)65.1%
44%
7
8
[state of the internet] / security Web Attacks and Gaming Abuse
Report: Volume 5, Issue 3
SQL Injection GrowthThe growth of SQLi as an attack vector over
the last two years should concern website owners. In the first
quarter of 2017, SQLi accounted for 44% of application layer
attacks. This actually represented a rather large drop from the
previous baseline, which was historically slightly over 50%. As
shown in Figure 2, while every application attack vector is stable
or growing, none are growing as quickly as SQLi. As you read this
figure, please keep in mind that each vector uses a scale
determined by the number of attacks seen by Akamai. If not for the
difference in scale, only LFI would be visible in comparison to the
SQLi attacks in our plots.
In late November 2018, our customers experienced a spike of SQLi
alerts (more than 35 million attacks), which also carried over to
multiple other types of web application attacks. The timing was
most likely tied to the start of the holiday shopping season.
However, it’s also important to note that there’s been a continuing
elevated trend since that time. Database attacks are appealing to
criminals because they work often enough to be profitable.
The United States has long been the main target for application
layer attacks, experiencing 2.7 billion attacks over 17 months.
It’s unlikely that this key position will be challenged in the
foreseeable future, as the United States has held this dubious
honor for as long as we’ve been tracking web application attacks.
The other target countries listed in Figure 3 are also familiar
members of the list, though Australia and Italy have not been
consistently in the top spots in the past.
Fig. 3 – Nearly 67% of application layer attacks target
organizations based in the United States
COUNTRY TOTAL ATTACK GLOBAL RANKUnited States 2,666,156,401
01United Kingdom 210,109,563 02Germany 135,061,575 03Brazil
118,418,554 04India 113,280,600 05Japan 95,550,352 06Canada
84,443,615 07Australia 54,187,181 08Italy 47,784,870 09Netherlands
47,390,611 10
7
8
Fig. 2 – Spikes across multiple attack vectors often represent a
single botnet or attacker
When we look at where application attacks originate, the traffic
is much more evenly distributed around the
globe. The United States maintains an unhealthy lead as the
biggest source of these attacks, but Russia, the
Netherlands, and China all show significant amounts of alerts
originating from their countries. It should be
noted that “source country” designates where the traffic is
coming from and does not necessarily indicate
where the actual attacker is located. Smart attackers take
significant steps to hide where they’re coming
from, and are also unlikely to show up in Top 10 lists, as their
attack patterns tend to be much quieter.
Top 10 Source Countries - All Verticals November 2017 – March
2019
Top 10 Target Countries November 2017 – March 2019
Dai
ly A
ttac
ks (M
illio
ns)
Daily Web Attacks by Vector November 2017 – March 2019
30M
20M
10M
2.00 M
1.5 M
1.0 M
4 M
3 M
2 M
1 M
7.5 M
5.0 M
2.5 M
0.6 M
0.4 M
0.2 M
0.9 M
0.6 M
0.3 M
JAN 2018 APR 2018APR 2019
JUL 2018 OCT 2018 JAN 2019
COUNTRY TOTAL ATTACK GLOBAL RANKUnited States 967,577,579
01Russia 608,655,963 02Netherlands 280,775,553 03China 218,015,784
04Brazil 155,603,585 05Ukraine 154,887,375 06India 142,621,086
07France 121,691,941 08Germany 113,233,187 09United Kindom
102,531,816 10
Fig. 4 – Russia has become firmly entrenched as the second
largest source of application attacks
[state of the internet] / security Web Attacks and Gaming Abuse
Report: Volume 5, Issue 3
Attacks
100,000,000
1,000,000
10,000
10
RFI
LFI
PHPI
OTHER
XSS
SQL INJECTION
Attacks
100,000,000
1,000,000
10,000
100
89.9%의 웹 애플리케이션 공격에 사용된 공격 기법: SQLi 또는 LFI
2억 건 4억 건
13
14
[state of the internet] / security Web Attacks and Gaming Abuse
Report: Volume 5, Issue 3
250
M
Development Lifecycles
Credential stuffing attacks target login forms, APIs, or both,
depending on the organization. The tools used during these attacks
are advanced and regularly maintained.
Using a regular development lifecycle, AIOs such as SNIPR — an
entry-level AIO that retails for approximately $20 USD — have
regular releases that address bugs, security issues, UI
improvements, and functionality.
A Growing Market
Fig. 6 – Credential stuffing attacks by day during the reporting
period
Fig. 7 – A screenshot of the SNIPR product page
Combination Lists
As an industry, gaming is a large, unregulated market of in-game
purchases and rare items. Gaming sites saw 12 billion attacks out
of the total 55 billion in our data. Accordingly, the gaming
marketplace is quickly becoming a lucrative target for criminals
looking to make a quick buck.
Part of the reason why gaming is so lucrative is the trend of
adding easily commoditized items for gamers to consume, such as
cosmetic enhancements, special weapons, or other related items.
Furthermore, gamers are a niche demographic known for spending
money, so their financial status is also a tempting target.
For example, criminals target popular games like Fortnite and
Counter-Strike: Global Offensive (CS:GO), looking for valid
accounts and unique skins. Once a player’s account is successfully
compromised, it can then be traded or sold.
Most compromised accounts sold in gaming marketplaces are used
to avoid bans, but others are purchased for the novelty of playing
with a rare skin or unique item. Sometimes, the items in the
compromised account are traded away or later sold.
If the hijacked profiles are connected to a valid credit card or
PayPal account, they’re considered more valuable, since the
criminal can purchase additional items (e.g., account upgrades,
game currency, or other loot) and then trade or sell the account at
a markup.
According to a BBC report published in December 2018, some
people — including children as young as 14 years old — are making
thousands of dollars per week selling or trading compromised gaming
accounts. Once a criminal obtains access, any money made from the
attack is pure profit.
14
Credential Abuse by DayIn February 2018, Epic Games warned
gamers about the rise of credential stuffing attacks against
Fortnite accounts, stating that a number of accounts had been
compromised due to “well-known hacking techniques.”
Specifically, Epic urged Fortnite players to avoid password
reuse across multiple websites, warning that it was a “dangerous
practice” to be avoided. In addition, Epic’s warning also discussed
phishing and other related scams. In fact, password reuse is a
primary reason why credential stuffing attacks are so successful.
After reuse, the second most common reason such attacks succeed is
easily guessed passwords.
Credential stuffing attacks start with a combination list, or a
collection of usernames and passwords that can be tested against a
number of platforms. The attacker will load the lists into an AIO
application, and after tuning a configuration file, run the
passwords against the organization one right after another until
they get a positive result.
The combination lists themselves are sourced from data breach
sets published publicly, or they can be purchased from darknet
sellers who deal in bulk. Those selling combination lists often
tailor them to the customers’ needs. One darknet seller recently
offered a split deal, which included one of the following: A batch
of 5 billion random email addresses and passwords, or a customized
list of 50,000 where the purchaser can dictate the format
(email:pass or user:pass), provider, location, and more. Either
option costs a total of $5.20.
13
All Verticals Gaming
[state of the internet] / security Web Attacks and Gaming Abuse
Report: Volume 5, Issue 3
250M
300M
200M
150M
100M
50M
0M
Nov 01, 17 Jan 01, 18 Mar 01, 18 May 01, 18 Jul 01, 18 Sep 01,
18 Nov 01, 18 Jan 01, 19 Mar 01, 19All Verticals Gaming
Log
in A
ttem
pts
Mal
icio
us
Log
in A
tte
mp
ts
100 M
200 M
250 M
300 M
50 M
150 M
0 M
NOV 01, 18
MAR 01, 18
JUL 01, 18
NOV 01, 18
JAN 01, 18
MAY 01, 18
SEP 01, 18
JAN 01, 19
MAR 01, 19
JUN 03, 2018 129,124,294
OCT 27, 2018 214,500,473
보고서 전문 다운로드
4가지 방법범죄자들의 탈취한 계정 수익화 수단
계정 판매 판매 전에 계정의 결제 정보를 사용하여 업그레이드
계정의 게임 내 화폐, 무기, 장비 등을 거래 또는 판매
이커머스, 금융 기관, 기타 사이트에서 탈취한 로그인 정보 테스트
1 32 4
다크넷에서 거래되는 탈취 계정의 판매 가격
낮은 가격대
$5.20 달러
14세
50억 개의 무작위 이메일 주소와 비밀번호 또는
5만 개의 사전 형식화된 사용자 ID와 비밀번호 중 하나의 판매 가격
어린 연령대
미국 거점 기업들을 노린 애플리케이션 레이어 공격 건수
67%
크리덴셜 스터핑2017년 11월~2019년 3월
게임 업계에서 발생한 공격 건수
120억 건Akamai에서 관측한 공격 건수
550억 건
4
4
4
성장 추세의 탈취 계정 시장 2017년 11월~2019년 3월
나이가 어린 범죄자들도 탈취한 게임 계정 판매를 통해 매주 수천 달러를 벌어들일 수 있음
널리 사용되는 초급 크리덴셜 스터핑 툴킷의
판매 가격
65.1%
4.5% 2.2% 1.8%1.7%
24.7%
국가 총 공격 건수 글로벌 순위
중국 218,015,784 04
인도 142,621,086 07
싱가포르 53,950,611 15
일본 45,188,875 16
인도네시아 38,981,849 17
베트남 32,725,236 19
태국 27,968,636 22
홍콩 27,733,134 23
호주 21,669,279 25
필리핀 19,903,684 27
웹 애플리케이션 공격 발원 국가 - 아시아 태평양 지역 상위 10대 공격 발원 국가 | 2017년 11월~2019년
3월
https://www.akamai.com/kr/kohttps://blogs.akamai.com/krhttps://twitter.com/Akamaihttps://www.akamai.com/kr/ko/locations.jsphttps://www.akamai.com/kr/ko/multimedia/documents/state-of-the-internet/soti-security-web-attacks-and-gaming-abuse-report-2019.pdf
