Cybercriminals have found a new lucrative opportunity in the form of purchasing Generative AI (GenAI) account credentials on underground hacker markets, as revealed by recent research. These stolen credentials include accounts from platforms like ChatGPT, Quillbot, Notion, Huggingface, and Replit among others, with hackers selling roughly 400 GenAI accounts per day, typically targeting corporate end users’ computers that have been compromised by infostealers.

One of the underground services identified in this illegal trade was LLM Paradise, where stolen GenAI credentials were being sold, with GPT-4/Clause API keys starting at a price of $15 each. This marketplace has now been shut down, but it highlights the active nature of these cybercriminal activities. Moreover, threat actors have also resorted to using legitimate platforms like TikTok to advertise these stolen credentials, showcasing the bold and brazen nature of their operations.

The researchers conducting the study further uncovered that these cybercriminals have been finding various ways to capitalize on the stolen GenAI account credentials. This could involve launching phishing campaigns, deploying malware from the compromised accounts, generating chatbots, or even extracting sensitive corporate data such as financial records or customer information. The range of illicit activities conducted using these stolen credentials underscores the severity of the threat posed by these cybercriminals.

To combat this growing menace, the researchers suggest several measures that organizations can adopt to safeguard their operations. Monitoring employee usage of cloud-based GenAI services, advocating for the implementation of WebAuth by GenAI vendors, enforcing strict passkey security protocols, and utilizing Dark Web monitoring services are among the recommended strategies to thwart these cyber threats. By staying vigilant and proactive in their cybersecurity practices, organizations can better protect themselves from falling victim to these nefarious activities.

In conclusion, the ease with which cybercriminals can now purchase GenAI account credentials on underground markets poses a significant risk to both individuals and businesses. The illicit trade in stolen credentials highlights the evolving tactics employed by threat actors in the digital landscape and underscores the need for robust cybersecurity measures to combat such nefarious activities. By heeding the insights provided by researchers and implementing stringent security protocols, organizations can bolster their defenses and mitigate the potential impact of these cyber threats.

Source link