
LLMjacking: Utilizing stolen AWS credentials to enable LLMs and increase expenses for victims

A recent analysis of the API actions that attackers call with compromised credentials found that the Bedrock runtime actions InvokeModel, InvokeModelWithResponseStream, Converse, and ConverseStream were the most frequently used earlier this year. More recent observations show attackers also calling the control-plane actions ListFoundationModels and GetFoundationModelAvailability to check in advance which models a victim account can reach, and PutUseCaseForModelAccess and PutFoundationModelEntitlement to enable models the victim has not activated.

This matters for organizations that have deployed Bedrock but deliberately left certain models disabled: if stolen credentials carry these permissions, the attacker can enable those models themselves, so leaving a model unactivated is no longer a safeguard. Cost exposure varies widely by model. The analysis put potential daily costs at over $46,000 for Claude 2.x models, and a model such as Claude 3 Opus could cost two to three times that, so organizations need to closely monitor and control not only model invocation but model enablement.
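The two paragraphs above describe a sequence a defender can look for in CloudTrail: availability checks, a denied invocation of a model the account never enabled, an enablement call, then invocations from the same access key. The detector below is an added example written for this page, not code from the article or the research it summarises. The CloudTrail records are constructed for the demo (the access keys are the AWS documentation placeholders, and the account ID, user names, model IDs and timestamps are illustrative), and the alert thresholds are assumptions to tune for your own environment.

```python
"""Flag LLMjacking-style Bedrock activity in CloudTrail events (added example)."""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Bedrock API actions grouped by what they tell a defender (names from the article).
ENUMERATION_ACTIONS = {"ListFoundationModels", "GetFoundationModelAvailability"}
ENABLEMENT_ACTIONS = {"PutFoundationModelEntitlement", "PutUseCaseForModelAccess"}
INVOCATION_ACTIONS = {"InvokeModel", "InvokeModelWithResponseStream",
                      "Converse", "ConverseStream"}

# Constructed CloudTrail records for the demo; not real log data. Only the fields
# the detector reads are present. The ci-deploy key plays the stolen credential.
ACCOUNT = "111122223333"
STOLEN = {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
          "arn": f"arn:aws:iam::{ACCOUNT}:user/ci-deploy"}
LEGIT = {"type": "IAMUser", "accessKeyId": "AKIAI44QH8DHBEXAMPLE",
         "arn": f"arn:aws:iam::{ACCOUNT}:user/ml-engineer"}
OPUS = "anthropic.claude-3-opus-20240229-v1:0"


def _ev(time, name, who, source="bedrock.amazonaws.com", params=None, error=None):
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "awsRegion": "us-east-1", "userIdentity": who,
           "requestParameters": params or {}}
    if error:
        rec["errorCode"] = error
    return rec


SAMPLE_EVENTS = [
    _ev("2024-09-10T12:00:05Z", "GetFoundationModelAvailability", STOLEN, params={"modelId": OPUS}),
    _ev("2024-09-10T12:00:07Z", "ListFoundationModels", STOLEN),
    _ev("2024-09-10T12:00:09Z", "GetFoundationModelAvailability", STOLEN,
        params={"modelId": "anthropic.claude-3-sonnet-20240229-v1:0"}),
    # Probe: invoking a model the account never enabled is denied.
    _ev("2024-09-10T12:00:20Z", "InvokeModel", STOLEN, params={"modelId": OPUS},
        error="AccessDeniedException"),
    # The attacker enables the model with the victim's credentials, then invokes it.
    _ev("2024-09-10T12:01:02Z", "PutUseCaseForModelAccess", STOLEN),
    _ev("2024-09-10T12:01:05Z", "PutFoundationModelEntitlement", STOLEN, params={"modelId": OPUS}),
    _ev("2024-09-10T12:02:00Z", "InvokeModel", STOLEN, params={"modelId": OPUS}),
    _ev("2024-09-10T12:02:30Z", "InvokeModelWithResponseStream", STOLEN, params={"modelId": OPUS}),
    # Benign activity that must not raise alerts.
    _ev("2024-09-10T12:05:00Z", "InvokeModel", LEGIT,
        params={"modelId": "anthropic.claude-3-haiku-20240307-v1:0"}),
    _ev("2024-09-10T12:06:00Z", "GetObject", LEGIT, source="s3.amazonaws.com"),
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def classify(event):
    """Map a CloudTrail record to enumeration/enablement/invocation, else None."""
    if event.get("eventSource") != "bedrock.amazonaws.com":
        return None
    name = event.get("eventName", "")
    for kind, names in (("enumeration", ENUMERATION_ACTIONS),
                        ("enablement", ENABLEMENT_ACTIONS),
                        ("invocation", INVOCATION_ACTIONS)):
        if name in names:
            return kind
    return None


def _new_summary():
    return {"arn": None, "enumeration": 0, "enablement_calls": [], "enabled_models": [],
            "invocations": 0, "denied_invocations": 0, "_enabled_at": None, "alerts": set()}


def analyze(events, enumeration_threshold=3, enable_to_invoke_minutes=60):
    """Summarise Bedrock activity per access key and attach alert labels.

    model_enumeration  - at least `enumeration_threshold` availability/list calls
    invoke_denied      - an invocation failed (typically a model not yet enabled)
    model_enablement   - the key enabled a model (rare for service credentials)
    probe_then_enable  - a denied invocation preceded the enablement
    enable_then_invoke - an invocation followed enablement within the window
    """
    per_key = defaultdict(_new_summary)
    for ev in sorted(events, key=lambda e: e["eventTime"]):  # ISO UTC sorts as text
        kind = classify(ev)
        if kind is None:
            continue
        ident = ev.get("userIdentity", {})
        s = per_key[ident.get("accessKeyId", "unknown")]
        s["arn"] = ident.get("arn")
        when = _ts(ev["eventTime"])
        model = (ev.get("requestParameters") or {}).get("modelId")
        if kind == "enumeration":
            s["enumeration"] += 1
            if s["enumeration"] >= enumeration_threshold:
                s["alerts"].add("model_enumeration")
        elif kind == "enablement":
            s["enablement_calls"].append(ev["eventName"])
            if model:
                s["enabled_models"].append(model)
            s["_enabled_at"] = when
            s["alerts"].add("model_enablement")
            if s["denied_invocations"]:
                s["alerts"].add("probe_then_enable")
        elif ev.get("errorCode"):
            s["denied_invocations"] += 1
            s["alerts"].add("invoke_denied")
        else:
            s["invocations"] += 1
            enabled_at = s["_enabled_at"]
            if enabled_at and (when - enabled_at).total_seconds() <= enable_to_invoke_minutes * 60:
                s["alerts"].add("enable_then_invoke")
    # Drop internal fields and make the result JSON-serialisable and deterministic.
    return {key: {**{k: v for k, v in s.items() if not k.startswith("_")},
                  "alerts": sorted(s["alerts"])}
            for key, s in per_key.items()}


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_EVENTS), indent=2))
```

Run over the sample, the stolen key collects all five labels while the engineer's key collects none. In practice, feed it Bedrock events exported from CloudTrail and treat any model_enablement from a credential that is not an administrator as worth a page on its own: service and CI credentials have no business enabling foundation models, and that call is the cheapest point at which to stop the bill from growing.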

One particularly concerning trend the researchers identified is attackers using Claude 3 itself to generate and refine the code of a script that drives the model. The script runs continuously: it sends prompts, collects the responses, watches the output for specific content, and writes the results to text files.

These evolving tactics underline the need for robust access controls and vigilant monitoring to guard against unauthorized access to, and misuse of, hosted models. Because the resulting charges can be substantial, organizations must prioritize these controls and regularly update their defenses to stay ahead of emerging threats.

Overall, the analysis underscores the growing sophistication of attacks that abuse cloud API actions and the need for proactive measures to protect both sensitive data and pay-per-use resources. By staying informed and applying security best practices, organizations can reduce the risk and keep their environments secure.
