Cybercriminals are exploiting the popularity of Generative AI (GenAI) platforms by selling stolen account credentials on underground markets [1], particularly Russian underground markets [3].
Description
Approximately 400 GenAI account credentials are sold daily [1], including those for platforms like ChatGPT, Quillbot [1] [2] [4], Notion [1] [2], Huggingface [1] [2], and Replit [1] [2], with prices as low as $15 each. These credentials are often obtained from corporate users' infected computers [1], where infostealers capture sensitive information entered into Internet browsers [3], such as log-in credentials for IT networks [3], online banking [3], e-commerce accounts [3], and healthcare portals [3]. Subscribers to GenAI platforms are at risk of having their credentials compromised and used for malicious activities such as phishing campaigns, malware distribution [4], and data theft [2] [4]. While a notable underground market specializing in stolen GPT-4 and Claude API keys has been shut down [1], cybercriminals continue to exploit stolen GenAI credentials [1]. The stolen information is compiled into Stealer Logs [3], which are sold on the underground markets for $10 each [3]. To mitigate these risks [1], companies are advised to implement robust security measures such as monitoring employee usage of cloud-based GenAI offerings, encouraging vendors to implement WebAuthn [2], using passkey security [2], following password best practices [2], and utilizing Dark Web monitoring services.
Conclusion
This evolution in cybercrime highlights the ongoing battle between cybercriminals and cybersecurity experts [4], emphasizing the need for consumers and corporations to remain vigilant against increasingly sophisticated threats. Implementing strong security measures and staying informed about potential risks are crucial steps in protecting against cyber threats in the age of GenAI platforms.
References
[1] https://www.infosecurity-magazine.com/news/genai-dark-web-400-daily-listings/
[2] https://www.darkreading.com/threat-intelligence/criminal-hackers-add-genai-credentials-to-underground-markets
[3] https://www.esentire.com/blog/hackers-are-stealing-genai-credentials-so-what-sensitive-company-data-are-they-getting-their-hands-on
[4] https://www.tildee.com/criminal-hackers-turn-to-selling-generative-ai-credentials-on-underground-markets-an-emerging-cybercrime-trend/