The Growing Dangers of LLMjacking: Evolving Tactics and Evading Sanctions

LLMjacking describes the illicit access to cloud-hosted LLMs through stolen credentials, driving high-cost abuse as attackers leverage advanced models and new APIs. The Sysdig Threat Research Team highlights evolving attacker tactics, including LLM-assisted scripting and log tampering, and urges stronger security measures to prevent unauthorized LLM use. #LLMjacking #Claude3Opus #Bedrock #ConverseAPI #SillyTavern #AWSBedrock

Key points

  • LLMjacking is the illicit use of LLMs through stolen credentials to access cloud environments.
  • There has been a significant increase in LLMjacking incidents, with a 10x rise in Bedrock API requests in July 2024 (85,000 requests, including 61,000 in a three-hour window).
  • Attackers are using advanced models (e.g., Claude 3 Opus), with victim costs potentially exceeding $100,000 per day.
  • Attackers are developing LLM-assisted scripts to optimize tool development and operations.
  • New APIs like Converse API are being used to enhance capabilities, though logging for Converse may not appear in CloudTrail.
  • Attackers tamper with logging configurations to conceal activity, including deleting model invocation logging settings.
  • Motives include sanctions evasion and exploiting cloud-hosted LLMs; organizations are urged to strengthen security and monitor for suspicious activity.
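Two of the signals listed above (tampering with Bedrock model invocation logging, and a burst of model invocation calls from one principal) are straightforward to check for in CloudTrail data. The following is an added example written for this summary, not code from the Sysdig post. It runs over a handful of constructed CloudTrail-style records embedded inline; the Bedrock event names it matches (`DeleteModelInvocationLoggingConfiguration`, `PutModelInvocationLoggingConfiguration`, `InvokeModel`, `InvokeModelWithResponseStream`, `Converse`, `ConverseStream`) are real API actions, while the access keys, IP addresses and the burst threshold are constructed values. A real deployment would set the threshold from a per-account baseline rather than the fixed number used here.

```python
"""Added example (not from the Sysdig post): flag Bedrock logging tampering and
invocation bursts in CloudTrail-style records. Sample data below is constructed."""
import json
from collections import Counter
from datetime import datetime, timezone

# Bedrock control-plane actions that change or remove model invocation logging.
LOGGING_TAMPER_EVENTS = {
    "DeleteModelInvocationLoggingConfiguration",
    "PutModelInvocationLoggingConfiguration",
}
# Bedrock runtime actions that incur model cost; Converse/ConverseStream are the newer API.
INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream", "Converse", "ConverseStream"}
BEDROCK_SOURCE = "bedrock.amazonaws.com"


def _rec(time, name, key, ip):
    # Build one constructed CloudTrail-style record (sample data, not real telemetry).
    return {
        "eventTime": time,
        "eventSource": BEDROCK_SOURCE,
        "eventName": name,
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "accessKeyId": key},
    }


# Constructed newline-delimited JSON log: two ordinary calls, one logging deletion,
# then four calls within the same hour from a second (constructed) access key.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    _rec("2024-07-11T10:00:12Z", "InvokeModel", "AKIAEXAMPLEKEY00001", "198.51.100.10"),
    _rec("2024-07-11T10:04:51Z", "InvokeModel", "AKIAEXAMPLEKEY00001", "198.51.100.10"),
    _rec("2024-07-11T10:09:03Z", "DeleteModelInvocationLoggingConfiguration",
         "AKIAEXAMPLEKEY00001", "198.51.100.10"),
    _rec("2024-07-11T11:00:00Z", "Converse", "ASIAEXAMPLEKEY00002", "203.0.113.7"),
    _rec("2024-07-11T11:00:01Z", "Converse", "ASIAEXAMPLEKEY00002", "203.0.113.7"),
    _rec("2024-07-11T11:00:02Z", "ConverseStream", "ASIAEXAMPLEKEY00002", "203.0.113.7"),
    _rec("2024-07-11T11:00:03Z", "Converse", "ASIAEXAMPLEKEY00002", "203.0.113.7"),
])


def parse_records(text):
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_logging_tampering(records):
    """Return records where a principal changed or deleted Bedrock invocation logging."""
    return [r for r in records
            if r.get("eventSource") == BEDROCK_SOURCE
            and r.get("eventName") in LOGGING_TAMPER_EVENTS]


def invocations_per_window(records, window_seconds=3600):
    """Count Bedrock model invocations per (access key, window start epoch)."""
    counts = Counter()
    for r in records:
        if r.get("eventSource") != BEDROCK_SOURCE or r.get("eventName") not in INVOKE_EVENTS:
            continue
        ts = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        window = int(ts.timestamp()) // window_seconds * window_seconds
        key = r.get("userIdentity", {}).get("accessKeyId", "unknown")
        counts[(key, window)] += 1
    return counts


def find_bursts(records, threshold, window_seconds=3600):
    """Return sorted [(access key, window start ISO-8601, count)] at or above threshold."""
    out = []
    for (key, window), n in invocations_per_window(records, window_seconds).items():
        if n >= threshold:
            start = datetime.fromtimestamp(window, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
            out.append((key, start, n))
    return sorted(out)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for r in find_logging_tampering(recs):
        print("logging tampering:", r["eventTime"], r["eventName"],
              r["userIdentity"]["accessKeyId"], r["sourceIPAddress"])
    for key, start, n in find_bursts(recs, threshold=4):
        print(f"invocation burst: {key} made {n} calls in the hour starting {start}")
```

The logging check is the higher-value alert: a `Delete` or `Put` on the invocation logging configuration outside a change window is rarely legitimate and, as the post notes, Converse-API traffic may not surface in CloudTrail at all, so invocation logging is what preserves visibility into prompts. The burst check is only as good as its threshold; it is best combined with a per-key baseline and with cost data from the billing side.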

MITRE Techniques

  • [T1003] Credential Dumping – Using stolen credentials to gain access to cloud environments. [ “Attackers use stolen credentials to gain access to cloud environments.” ]
  • [T1059] Command and Scripting Interpreter – Attackers utilize LLMs to generate scripts for further exploitation. [ “Attackers utilize LLMs to generate scripts for further exploitation.” ]
  • [T1098] Account Manipulation – Attackers manipulate account settings to maintain access to LLMs. [ “Attackers manipulate account settings to maintain access to LLMs.” ]
  • [T1213] Data from Information Repositories – Attackers extract data from compromised LLMs. [ “Attackers extract data from compromised LLMs.” ]

Indicators of Compromise

  • [IP Address] Context – 103.108.229.55, 193.107.109.42
  • [Domain] Context – bedrock.amazonaws.com, sillytavernai.com
  • [User-Agent] Context – Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36, Python/3.11 aiohttp/3.9.5

Read more: https://sysdig.com/blog/growing-dangers-of-llmjacking/