HomeCyber BalkansLLMjacking: Using Stolen Cloud Credentials for Attacks

LLMjacking: Using Stolen Cloud Credentials for Attacks

Published on

spot_img

A new cyberattack method, known as “LLMjacking,” has been identified by researchers. This form of attack exploits stolen cloud credentials to hijack cloud-hosted large language models (LLMs), leading to significant financial losses and posing major risks to data security.

The attackers gain unauthorized access to cloud environments using compromised credentials, primarily sourced from vulnerabilities in widely used frameworks like Laravel (CVE-2021-3129). Once inside, they target LLM services such as Anthropic’s Claude models, manipulating these resources to result in excessive costs and potentially extract sensitive training data.

If left undetected, an LLMjacking attack can generate daily costs exceeding $46,000, as attackers exploit LLM services for their financial gain. This places a heavy burden on legitimate account holders, leading to disruption in normal business operations by maxing out LLM quotas.

Apart from the financial damages, there is also a looming threat of intellectual property theft. Attackers could gain access to and exfiltrate proprietary data used in training LLMs, posing a severe risk to business confidentiality and competitive advantage.

The attack surface is broadened by the availability of hosted LLM models on major cloud platforms like Azure Machine Learning, GCP’s Vertex AI, and AWS Bedrock. These platforms provide developers with quick access to popular LLM-based AI models through a simple user interface that facilitates the rapid development of applications.

Additionally, attackers can utilize tools to probe credentials across multiple AI platforms systematically, indicating an attempt to exploit any accessible LLM service. This approach suggests that the attackers may be aiming not only for financial gain but also to harvest a wide range of data from various sources.

Moreover, malicious CloudTrail events like InvokeModel calls with specific parameters provide insights for attackers on accessing LLMs. Furthermore, requesting service configurations like GetModelInvocationLoggingConfiguration can reveal valuable information to attackers, aiding them in maximizing their malicious activities.

Prevention and mitigation strategies are crucial to combat LLMjacking attacks. Organizations are advised to adopt a multi-layered security approach, including vulnerability and credential management, utilizing cloud security tools like CSPM and CIEM, and implementing robust monitoring and logging practices to detect suspicious activities early.

As cyberattacks targeting advanced technological frameworks like LLMs continue to evolve, businesses must enhance their cybersecurity measures. By understanding attackers’ tactics and implementing stringent security protocols, organizations can better protect their digital assets against emerging threats in the AI and cloud services landscape. In the face of these challenges, prioritizing cybersecurity has never been more critical for organizations to safeguard against potential breaches and financial losses.

Source link

Latest articles

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...

NPM Ecosystem Faces Two New Supply Chain Compromises

Malicious Code Discovered in npm Packages: A Growing Threat In a troubling development within the...

More like this

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...