Over 10K Exploit Attempts Recorded in a Week From a Single Malicious IP

Hackers are exploiting a vulnerability in ChatGPT’s infrastructure to redirect users to malicious websites, with security researchers recording more than 10,000 exploit attempts in a week from a single malicious IP address.
Tracked as CVE-2024-27564, the medium-severity vulnerability, with a CVSS score of 6.5, has gained traction, with hackers primarily targeting financial institutions in the United States, researchers at cybersecurity firm Veriti said.
Of the organizations that the researchers analyzed, 35% were at risk because of misconfigurations in intrusion prevention systems, web application firewalls and firewall settings.
“This vulnerability has already become a real-world attack vector, proving that severity scores don’t dictate actual risk,” the researchers said. “No vulnerability is too small to matter; attackers will exploit any weakness they can find.”
OpenAI has not commented on the incident or released a patch.
CVE-2024-27564 is a server-side request forgery vulnerability located in the pictureproxy.php component of ChatGPT code. Attackers can inject malicious URLs in the input parameters, forcing the application to execute unintended requests. This opens a gateway for malicious actors to access internal systems, gather data or launch further attacks.
A demonstration showed how attackers manipulate the flaw to trick ChatGPT into making unauthorized requests. The researchers found that 33% of the attacks originated in the U.S., with some campaigns also targeting Germany, Thailand, Indonesia, Colombia and the United Kingdom.
The financial sector has borne the brunt of the attacks, primarily due to its reliance on AI-driven services and APIs, but government and healthcare organizations also face risks. Hackers can exploit the vulnerability to conduct unauthorized transactions and cause reputational damage.
Veriti provided a list of malicious IP addresses linked to recent exploit attempts, encouraging organizations to monitor their networks for signs of compromise. Researchers said that security teams should reinforce their defenses by ensuring IPS, WAF and firewall configurations are up to date, implementing strict input validation to prevent URL injection, conducting regular vulnerability assessments focused on AI applications and monitoring for anomalies in AI-related traffic patterns.