_AlexPhotoStock_alamy.jpg?disable=upscale&width=1200&height=630&fit=crop)
July 30, 2024 at 04:56PM
New research shows that cybercriminals are now selling Generative AI (GenAI) account credentials alongside other illegal goods on underground hacker markets. The credentials are for platforms like ChatGPT, Quillbot, and Huggingface, with roughly 400 accounts stolen per day and sold for $15 each. The researchers advise organizations to monitor employee usage and implement security measures.
Based on the meeting notes, the key takeaways are:
1. Cybercriminals are selling stolen Generative AI (GenAI) account credentials, including those belonging to users of various platforms such as ChatGPT, Quillbot, Notion, Huggingface, and Replit. These credentials are typically stolen from corporate end users’ computers infected with an infostealer.
2. LLM Paradise was an underground service selling stolen GenAI credentials, advertising GPT-4/Clause API keys at a starting price of $15 each before closing.
3. Threat actors are utilizing various strategies to monetize GenAI account credentials, including creating phishing campaigns, launching malware, producing chatbots, and stealing sensitive corporate data.
4. Researchers recommend organizations to monitor employee usage of cloud-based GenAI offerings, encourage GenAI vendors to implement WebAuth, use passkey security or password best practices, and utilize Dark Web monitoring services.
Let me know if you need any more information or assistance.