Hackers Exploit Dark Web to Sell Stolen Generative AI Accounts

Hackers Target Generative AI Accounts on Dark Web

Cybercriminals are capitalizing on the rising popularity of Generative AI (GenAI) by selling stolen data and account credentials on the dark web. Research from eSentire's Threat Response Unit (TRU) reveals that over 400 GenAI account credentials are sold daily, highlighting a significant cybersecurity threat.

Infostealer Malware and Its Impact

These credentials are primarily obtained through infostealer malware that infects corporate users' computers. This malware collects any information entered into web browsers, including sensitive data like bank details, financial records, customer information, and login credentials. When users subscribe to GenAI services or models, their credentials are also at risk of being stolen. The stolen data, often referred to as 'Stealer logs,' is then sold for approximately $10 per log. Notably, OpenAI credentials are the most commonly stolen, with around 200 listings daily.

LLM Jacking: A New Threat

In addition to credential theft, hackers are also hijacking Large Language Models (LLMs) in a process termed 'LLM Jacking.' Security research by Sysdig has found that cybercriminals aim to acquire, resell, and misuse access to LLMs. This often involves using a reverse proxy to resell and monetize LLM access. Such attacks can cost victims up to $46,000 per day in consumption costs.

Dark Web Marketplaces and Their Tactics

Underground stores like the now-defunct LLM Paradise have used these tactics to sell stolen GenAI credentials, even promoting their activities on social media platforms like TikTok. Despite the closure of some sites, a thriving market continues to support the sale of stolen data.

Mitigating the Threat

With the increasing use of AI, cybercriminals are finding new ways to exploit stolen data. Companies are urged to implement stringent security measures, including robust vulnerability management processes, monitoring for suspicious activity, and employing multi-factor authentication to safeguard their systems and data.