Hackers Sell Stolen GenAI Accounts on the Dark Web
Hackers have been found to be selling stolen Generative AI data and account credentials on the dark web, taking advantage of the technology’s growing popularity to earn large rewards.
New research from eSentire’s Threat Response Unit (TRU) has determined that cybercriminals sell over 400 account credentials every day. These are primarily obtained from corporate end-user computers that have been infected with infostealer malware, which collects everything the user has typed into their web browser. This can include sensitive information such as banking details, financial data, customer details, and login credentials.
Additionally, if end users are subscribed to a GenAI service or model, those credentials are stolen as well. When an infostealer is used to gather information, the ‘Stealer log’ of stolen data is sold for around $10. OpenAI credentials are reportedly the most stolen, with an average of 200 daily entries.
LLM Jack Up
Elsewhere, findings from security research organization Sysdig showed that threat actors are also gaining control of large numbers of LLMs (Large Language Models) in a process called “LLM Jacking.” TRU warns that hackers aim to gain, resell, and abuse access to LLMs.
Sysdig has confirmed that attackers engaged in LLM Jacking often use a reverse proxy to resell and monetize their LLM access, and has warned that such an attack could cost the victim up to $46,000 per day in consumption expenses.
Underground shops such as LLM Paradise used this tactic to acquire and sell stolen GenAI credentials, even shamelessly advertising on sites like TikTok. While this site has since been shut down, a healthy market ensures that many others remain in place.
As the use of AI has increased, so has the threat of cybercriminals finding new ways to profit from stolen data. Businesses are advised to maintain strict security measures, such as establishing robust vulnerability management processes, monitoring for suspicious activity, and using multi-factor authentication.
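As an added example (not from eSentire, Sysdig, or the original article), the sketch below shows one way to monitor for the consumption spike that LLM Jacking causes: it flags an API key whose daily token usage jumps far above its own baseline, or which is suddenly used from a source address not seen before. The record fields, thresholds, and sample usage data are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed usage records: (day, key_id, source_ip, tokens). Field names are
# assumptions; IPs come from the documentation ranges.
USAGE = [
    ("2024-07-01", "key-app", "192.0.2.10", 40_000),
    ("2024-07-02", "key-app", "192.0.2.10", 42_000),
    ("2024-07-03", "key-app", "192.0.2.10", 38_000),
    ("2024-07-04", "key-app", "192.0.2.10", 41_000),
    ("2024-07-05", "key-app", "192.0.2.10", 39_000),
    ("2024-07-05", "key-app", "203.0.113.77", 900_000),  # unfamiliar source
    ("2024-07-01", "key-batch", "198.51.100.5", 100_000),
    ("2024-07-02", "key-batch", "198.51.100.5", 110_000),
    ("2024-07-03", "key-batch", "198.51.100.5", 95_000),
    ("2024-07-04", "key-batch", "198.51.100.5", 105_000),
    ("2024-07-05", "key-batch", "198.51.100.5", 120_000),
]

def flag_key_abuse(records, baseline_days=3, spike_factor=5.0):
    """Return {(key_id, day): [reasons]} for days that break a key's own baseline."""
    daily = defaultdict(lambda: {"tokens": 0, "ips": set()})
    for day, key, ip, tokens in records:
        daily[(key, day)]["tokens"] += tokens
        daily[(key, day)]["ips"].add(ip)

    alerts, history, known_ips = {}, defaultdict(list), defaultdict(set)
    for key, day in sorted(daily):  # ISO dates sort chronologically
        slot, reasons = daily[(key, day)], []
        if len(history[key]) >= baseline_days:  # judge only once a baseline exists
            base = median(history[key])
            if slot["tokens"] > spike_factor * base:
                reasons.append(f"tokens {slot['tokens']} > {spike_factor}x median {base}")
            new_ips = slot["ips"] - known_ips[key]
            if new_ips:
                reasons.append("new source: " + ", ".join(sorted(new_ips)))
        if reasons:
            alerts[(key, day)] = reasons
        else:
            # Only clean days extend the baseline, so abuse cannot normalise itself.
            history[key].append(slot["tokens"])
            known_ips[key] |= slot["ips"]
    return alerts

if __name__ == "__main__":
    for (key, day), reasons in flag_key_abuse(USAGE).items():
        print(day, key, "; ".join(reasons))
```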