LLMjacking can cost organizations a lot of money:

LLMjacking is a continuation of the cybercriminal practice of abusing stolen cloud account credentials for various illegal operations, such as cryptojacking, abusing hacked cloud computing resources to mine cryptocurrency. The difference is that large quantities of API calls to LLMs can quickly rack up huge costs, with researchers estimating potential costs of over $100,000 per day when querying cutting-edge models.

Security firm Sysdig reported last September a tenfold increase in the observed number of rogue requests to Amazon Bedrock APIs and a doubling of the number of IP addresses engaged in such attacks.

Amazon Bedrock is an AWS service that allows organizations to easily deploy and use LLMs from multiple AI companies, augment them with their own datasets, and build agents and applications around them. The service supports a long list of API actions through which models can be managed and interacted with programmatically. Microsoft runs a similar service called Azure AI Foundry, and Google has Vertex AI.

Sysdig initially saw attackers abusing AWS credentials to access Bedrock models that were already deployed by the victim organizations, but later started seeing attempts by attackers to actually enable and deploy new models in the compromised accounts.

Earlier this month, after the release of the DeepSeek R1 model, Sysdig detected LLMjacking attackers targeting it within days. The company also discovered over a dozen proxy servers that used stolen credentials across many different services, including OpenAI, AWS, and Azure.

“LLMjacking is no longer just a potential fad or trend,” the security company warned. “Communities have been built to share tools and techniques. ORPs [OpenAI Reverse Proxies] are forked and customized specifically for LLMjacking operations. Cloud credentials are being tested for LLM access before being sold.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3835936/microsoft-files-lawsuit-against-llmjacking-gang-that-bypassed-ai-safeguards.html