New research from Group-IB reveals a concerning trend between January and October 2023: during this period, more than 225,000 stolen ChatGPT credentials were traded on illicit online platforms.
These compromised credentials were found in logs associated with notorious malware such as LummaC2, Raccoon, and RedLine stealers.
In its Hi-Tech Crime Trends 2023/2024 study released last week, the Singapore-based cybersecurity company highlighted fluctuations in infected devices throughout the summer. While there was a slight decrease in the middle and end of the season, the numbers surged notably between August and September.
Between June and October 2023, over 130,000 unique hosts with access to OpenAI ChatGPT fell victim to hacking. This marked a significant 36% increase compared to the preceding five months of 2023. The breakdown below outlines the top three stealer families:
- LummaC2: 70,484 hosts
- Raccoon: 22,468 hosts
- RedLine: 15,970 hosts
“The sharp increase in the number of stolen ChatGPT credentials for sale is due to the overall rise in the number of hosts infected with information stealers, data from which is then put up for sale on markets or in UCLs,” said Group-IB.
In line with Microsoft and OpenAI’s announcement that Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) in their ongoing cyberattack endeavours, Group-IB highlighted the potential threats posed by LLMs.
According to Group-IB, adversaries can leverage LLMs to devise novel tactics, execute persuasive scams and phishing attempts, and enhance operational efficiency. Furthermore, this technology has the potential to expedite reconnaissance efforts, simplify the utilization of hacking toolkits, and facilitate scammer robocalls.
“In the past, [threat actors] were mainly interested in corporate computers and in systems with access that enabled movement across the network,” it said. “Now, they also pay attention to devices that can connect to public AI systems.”
“This gives them access to logs with the communication history between employees and systems, which they can use to search for confidential information (for espionage purposes), details about internal infrastructure, authentication data (for conducting even more damaging attacks), and information about application source code.”
Threat actors’ use of real account credentials has become a popular way to get in, mainly because stealer malware makes this information easy to find.
“The combination of a rise in infostealers and the abuse of valid account credentials to gain initial access has exacerbated defenders’ identity and access management challenges,” IBM X-Force stated.
“Enterprise credential data can be stolen from compromised devices through credential reuse, browser credential stores, or accessing enterprise accounts directly from personal devices.”
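The two points above (stealer logs reveal which hosts and stealer families are behind the exposure, and valid enterprise credentials harvested from browser stores are the initial-access problem defenders have to contain) are usually handled by the same triage step: parse the records, count infected hosts per family as in the breakdown earlier in the article, and list the enterprise accounts whose saved logins for a monitored site appear so they can be reset and their sessions revoked. The script below is an added example, not Group-IB's, IBM X-Force's, or Rhyno's code. The `host_id|family|url|username` record layout, the `corp.example` domain, and every log line are constructed for illustration; real stealer dumps use their own, varying layouts.

```python
"""Triage of infostealer-log records to find exposed enterprise accounts.

Added example with a constructed record layout ("host_id|family|url|username");
no real stealer dump uses exactly this format, and all sample data is made up.
"""
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample log: one saved browser login per line. Passwords are
# deliberately omitted; the triage only needs account, site, host and family.
SAMPLE_LOG = """\
host-0001|LummaC2|https://chat.openai.com/auth/login|alice@corp.example
host-0001|LummaC2|https://mail.example.net/login|alice.personal@example.net
host-0002|Raccoon|https://chat.openai.com/|bob@corp.example
host-0003|RedLine|https://vpn.corp.example/|carol@corp.example
host-0003|RedLine|https://chat.openai.com/auth/login|carol@corp.example
host-0004|LummaC2|https://chat.openai.com/auth/login|dave@home.example
"""


@dataclass(frozen=True)
class StealerRecord:
    host_id: str    # identifier of the infected device in the dump
    family: str     # stealer family the log is attributed to
    url: str        # saved-login URL taken from the browser credential store
    username: str   # account identifier stored next to that saved login

    @property
    def site(self) -> str:
        """Hostname of the service the saved login belongs to."""
        return (urlparse(self.url).hostname or "").lower()

    @property
    def user_domain(self) -> str:
        """Domain part of an e-mail-style username, '' if there is none."""
        return self.username.rsplit("@", 1)[-1].lower() if "@" in self.username else ""


def parse_log(text: str) -> list[StealerRecord]:
    """Parse pipe-separated lines; blank, comment and malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # malformed line: do not let one bad row abort the run
        records.append(StealerRecord(*(p.strip() for p in parts)))
    return records


def hosts_by_family(records: list[StealerRecord]) -> dict[str, int]:
    """Count unique infected hosts per stealer family (one host may yield many rows)."""
    hosts = defaultdict(set)
    for r in records:
        hosts[r.family].add(r.host_id)
    return {family: len(ids) for family, ids in hosts.items()}


def exposed_enterprise_accounts(records, enterprise_domains, monitored_site):
    """Enterprise accounts whose saved login for monitored_site is in the dump.

    Returns sorted (username, host_id, family) tuples so each account can be
    reset and its sessions revoked, and the infected host can be isolated.
    """
    domains = {d.lower() for d in enterprise_domains}
    hits = {
        (r.username, r.host_id, r.family)
        for r in records
        if r.site == monitored_site.lower() and r.user_domain in domains
    }
    return sorted(hits)


def reset_scope(records, enterprise_domains) -> dict[str, list[str]]:
    """For every exposed enterprise account, every site it had a saved login for.

    A user whose chat login and VPN login sit in the same dump needs both reset,
    not just the AI-service password.
    """
    domains = {d.lower() for d in enterprise_domains}
    sites = defaultdict(set)
    for r in records:
        if r.user_domain in domains:
            sites[r.username].add(r.site)
    return {user: sorted(s) for user, s in sorted(sites.items())}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("hosts per family:", hosts_by_family(recs))
    print("exposed ChatGPT logins:",
          exposed_enterprise_accounts(recs, ["corp.example"], "chat.openai.com"))
    print("reset scope:", reset_scope(recs, ["corp.example"]))
```

The per-family count deduplicates by host, which is how the article's "unique hosts" figures are meant to be read; `reset_scope` exists because the dump, as the quoted IBM X-Force text notes, tends to carry a device's whole browser credential store, so a single infected laptop usually exposes more than the one service that drew attention.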
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.