Hackers Take Advantage of Unresolved ChatGPT Vulnerability

Over 10,000 Exploit Attempts Documented Within a Week from One Malicious IP

Recent security research has revealed that hackers are exploiting a vulnerability in ChatGPT’s infrastructure to redirect users to malicious sites. In just one week, over 10,000 exploit attempts were recorded from a single malicious IP address, indicating an urgent threat.

The vulnerability, tracked as CVE-2024-27564, carries a medium severity rating with a CVSS score of 6.5. Cybersecurity experts from Veriti have highlighted that financial institutions in the United States have become prime targets for these attacks.

Analysis revealed that 35% of organizations faced increased risk due to misconfigurations in their intrusion prevention systems, web application firewalls, and firewall settings. The researchers emphasized that the actual risk a vulnerability presents often exceeds its assigned severity score, stating, “No vulnerability is too small to matter; attackers will exploit any weakness they can find.”

As of now, OpenAI has not responded to inquiries regarding the incident or issued a patch. The vulnerability is a server-side request forgery (SSRF) flaw located in the pictureproxy.php component of the ChatGPT codebase. It allows attackers to inject harmful URLs into input parameters, causing the application to make unintended requests and opening the door to unauthorized access to internal systems.

A demonstration video showed how adversaries exploit this flaw to manipulate ChatGPT into making unauthorized requests. Notably, 33% of the attempted attacks are believed to have originated from the United States, with additional campaigns observed targeting countries such as Germany, Thailand, Indonesia, Colombia, and the United Kingdom.

The financial sector appears to be the most affected by these exploit attempts, largely due to its reliance on AI-driven technologies and APIs. However, government and healthcare sectors are not exempt and also face significant risks. Exploitation of this vulnerability could lead to unauthorized transactions and reputational damage.

In light of the ongoing attacks, Veriti has compiled a list of malicious IP addresses associated with the exploitation attempts and urges organizations to monitor their networks closely for potential compromises. Security teams are advised to strengthen their defenses by ensuring that intrusion prevention systems, web application firewalls, and firewall configurations are current. Other recommended countermeasures are implementing stringent input validation to thwart URL injection, conducting regular vulnerability assessments focused on AI applications, and scrutinizing AI-related traffic for anomalies.
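
As an added illustration of the input validation recommended above (this is not code from Veriti, OpenAI, or the affected component), the following Python sketch checks a user-supplied URL before a proxy fetches it and rejects any destination that is not a public address. The function names, the default-ports-only policy, and the sample hostnames are assumptions, and the DNS table is constructed sample data.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}  # assumed policy: default ports only

class BlockedURL(ValueError):
    """The proxy must not fetch this user-supplied URL."""

def system_resolver(host, port):
    """Hypothetical resolver hook: return every IP the host resolves to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_fetch_target(url, resolver=system_resolver):
    """Return (host, port, ips) for a fetchable URL, else raise BlockedURL."""
    try:
        parts = urlsplit(url)
        scheme, host, port = parts.scheme.lower(), parts.hostname, parts.port
    except ValueError as exc:  # malformed authority or port
        raise BlockedURL(f"unparseable URL: {exc}") from exc
    if scheme not in ALLOWED_PORTS:
        raise BlockedURL(f"scheme not allowed: {scheme!r}")
    if not host or parts.username is not None or parts.password is not None:
        raise BlockedURL("missing host or embedded credentials")
    port = port or ALLOWED_PORTS[scheme]
    if port != ALLOWED_PORTS[scheme]:
        raise BlockedURL(f"port not allowed: {port}")
    try:
        ips = resolver(host, port)
        addrs = [ipaddress.ip_address(ip.split("%")[0]) for ip in ips]
    except (OSError, ValueError) as exc:
        raise BlockedURL(f"cannot resolve {host}: {exc}") from exc
    if not addrs:
        raise BlockedURL(f"{host} did not resolve")
    for addr in addrs:
        # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        if not addr.is_global or addr.is_multicast:
            raise BlockedURL(f"{host} resolves to non-public address {addr}")
    return host, port, ips

# Constructed sample data so the check runs offline (not real DNS answers).
CONSTRUCTED_DNS = {"images.example.test": ["93.184.216.34"],
                   "mixed.example.test": ["93.184.216.34", "10.0.0.5"]}

def constructed_resolver(host, port):
    return CONSTRUCTED_DNS.get(host, [host])  # IP literals map to themselves
```

A proxy using such a check should connect to the returned addresses rather than resolving the name a second time, and should repeat the check for every redirect it follows.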
