Your Cloud Credentials Are for Sale

LLM Jacking is a sophisticated attack technique in which cybercriminals steal and sell cloud account credentials to gain malicious access to enterprise LLMs (Large Language Models). This often results in businesses unknowingly covering the consumption costs, leading to financial losses and potential damage to their AI infrastructure.

Key Risks of LLM Jacking:

1. Rising Consumption Costs: Attackers can rack up massive bills — up to $46,000 a day — by exploiting cloud-based LLM services.
2. Weaponization of Enterprise LLMs: Malicious actors can manipulate LLM models to generate harmful outputs, compromising both internal and customer-facing systems.
3. Exacerbating Existing Vulnerabilities: LLMs already face security challenges such as prompt injection and data poisoning, which are worsened by LLM jacking.
4. Long-Term Consequences: These attacks can expand an organization’s attack surface, leading to data breaches, financial damage, and loss of trust.

Attack Process:

Cybercriminals typically steal cloud credentials from vulnerable systems and sell them on illicit marketplaces.

Once credentials are acquired, attackers test the extent of their access and exploit LLM services for further malicious activity.