Lateral movement, LLMjacking, and GPU abuse: Once administrative access was obtained, the attacker moved laterally across 19 distinct AWS principals, assuming multiple roles and creating new users to spread activity across identities. This approach enabled persistence and complicated detection, the researchers noted.

The attackers then shifted focus to Amazon Bedrock, enumerating available models and confirming that model invocation logging was disabled. The researchers said multiple foundation models were invoked, a pattern consistent with “LLMjacking”.

Then the operation escalated into resource abuse. After preparing keys and security groups, the attackers attempted to initiate high-end GPU instances for machine learning workloads. While the most powerful instances failed due to capacity limits, a costly GPU instance was eventually launched, with scripts to install CUDA, deploy training frameworks, and expose a public JupyterLab interface.

Some of the code was found referencing nonexistent repositories and resources, which Sysdig researchers attributed to LLM hallucinations.

Experts argue that the most unsettling takeaway isn’t that AI introduced a new attack technique. It is that AI removed hesitation.

“When you strip this attack down to its essentials, what stands out isn’t a breakthrough technique,” said Shane Barney, CISO at Keeper Security. “It’s how little resistance the environment offered once the attacker obtained legitimate access.” He warned that AI collapses reconnaissance, privilege testing, and lateral movement into “a single, rapid sequence,” eliminating the buffer time defenders have historically relied on.

To reduce exposure, Sysdig researchers advised enforcing least privilege across IAM users, roles, and Lambda execution roles, tightly limiting permissions such as “UpdateFunctionCode” and “PassRole”, and ensuring sensitive S3 buckets are never public. Enabling Lambda versioning, turning on Amazon Bedrock model invocation logging, and monitoring for large-scale enumeration activity are also critical, they added.
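The monitoring advice above (large-scale enumeration, one credential fanning out across many roles, Lambda code rewrites, Bedrock invocations and GPU launches) can be turned into simple detection logic over CloudTrail records. The following is an added example written for this page; it is not Sysdig's tooling or code from the article. It runs offline over a handful of constructed CloudTrail-style events: the ARNs, access key IDs, role names, model ID and timestamps are all invented, and the assumption that Bedrock model invocations appear as `InvokeModel*` events from `bedrock.amazonaws.com` is an illustration, not a statement about the real attack's telemetry. The GPU check covers only EC2 `p` and `g` families.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CloudTrail-style records, not real telemetry. Field names follow
# CloudTrail's record layout; ARNs, key IDs, names and timestamps are invented.
def _ev(time, source, name, arn, key, params=None):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": arn, "accessKeyId": key},
            "requestParameters": params or {}}

USER = "arn:aws:iam::111122223333:user/svc-deploy"   # invented principal
KEY = "AKIAEXAMPLE0001"                                 # invented access key id
ROLE = "arn:aws:sts::111122223333:assumed-role/ml-runner/s1"  # invented session
SAMPLE_EVENTS = [
    # burst of enumeration calls from one principal in under two minutes
    _ev("2025-01-01T10:00:05Z", "s3.amazonaws.com", "ListBuckets", USER, KEY),
    _ev("2025-01-01T10:00:10Z", "iam.amazonaws.com", "ListRoles", USER, KEY),
    _ev("2025-01-01T10:00:20Z", "iam.amazonaws.com", "ListUsers", USER, KEY),
    _ev("2025-01-01T10:00:40Z", "lambda.amazonaws.com", "ListFunctions", USER, KEY),
    _ev("2025-01-01T10:01:00Z", "lambda.amazonaws.com", "GetFunction", USER, KEY, {"functionName": "billing-sync"}),
    _ev("2025-01-01T10:01:30Z", "ec2.amazonaws.com", "DescribeInstances", USER, KEY),
    # a Lambda code rewrite, then role hopping from the same access key
    _ev("2025-01-01T10:03:00Z", "lambda.amazonaws.com", "UpdateFunctionCode", USER, KEY, {"functionName": "billing-sync"}),
    _ev("2025-01-01T10:04:00Z", "sts.amazonaws.com", "AssumeRole", USER, KEY, {"roleArn": "arn:aws:iam::111122223333:role/ops-admin"}),
    _ev("2025-01-01T10:04:30Z", "sts.amazonaws.com", "AssumeRole", USER, KEY, {"roleArn": "arn:aws:iam::111122223333:role/data-reader"}),
    _ev("2025-01-01T10:05:00Z", "sts.amazonaws.com", "AssumeRole", USER, KEY, {"roleArn": "arn:aws:iam::111122223333:role/ml-runner"}),
    # model invocation and a GPU launch from the assumed role
    _ev("2025-01-01T10:06:00Z", "bedrock.amazonaws.com", "InvokeModel", ROLE, "ASIAEXAMPLE0002", {"modelId": "example-foundation-model"}),
    _ev("2025-01-01T10:07:00Z", "ec2.amazonaws.com", "RunInstances", ROLE, "ASIAEXAMPLE0002", {"instanceType": "p4d.24xlarge"}),
    # benign background noise from another principal
    _ev("2025-01-01T10:07:30Z", "ec2.amazonaws.com", "RunInstances", "arn:aws:iam::111122223333:user/web-ops", "AKIAEXAMPLE0003", {"instanceType": "t3.micro"}),
    _ev("2025-01-01T10:08:00Z", "ec2.amazonaws.com", "DescribeInstances", "arn:aws:iam::111122223333:user/web-ops", "AKIAEXAMPLE0003"),
]

ENUM_PREFIXES = ("List", "Describe", "Get")

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def enumeration_bursts(events, window_minutes=5, threshold=10):
    """Return {principal_arn: peak_count} for principals that issued at least
    `threshold` List/Describe/Get calls inside any `window_minutes` window."""
    times = defaultdict(list)
    for e in events:
        if e["eventName"].startswith(ENUM_PREFIXES):
            times[e["userIdentity"]["arn"]].append(_ts(e["eventTime"]))
    window = timedelta(minutes=window_minutes)
    findings = {}
    for arn, ts in times.items():
        ts.sort()
        start, peak = 0, 0
        for i, t in enumerate(ts):          # sliding window over sorted timestamps
            while t - ts[start] > window:
                start += 1
            peak = max(peak, i - start + 1)
        if peak >= threshold:
            findings[arn] = peak
    return findings

def role_spread(events, threshold=3):
    """Access keys that assumed at least `threshold` distinct roles: one
    credential spreading activity across many principals."""
    roles = defaultdict(set)
    for e in events:
        if e["eventSource"] == "sts.amazonaws.com" and e["eventName"] == "AssumeRole":
            roles[e["userIdentity"]["accessKeyId"]].add(e["requestParameters"].get("roleArn"))
    return {k: sorted(v) for k, v in roles.items() if len(v) >= threshold}

def is_gpu_instance(instance_type):
    """Rough GPU check limited to EC2 'p' and 'g' families (e.g. p4d, g5).
    Simplifying assumption for illustration; other accelerator families are not covered."""
    family = instance_type.split(".")[0]
    return len(family) > 1 and family[0] in "pg" and family[1].isdigit()

def high_risk_events(events):
    """Single events worth an analyst's attention: Lambda code rewrites,
    Bedrock model invocations and GPU-class instance launches."""
    findings = []
    for e in events:
        arn, src, name, p = e["userIdentity"]["arn"], e["eventSource"], e["eventName"], e["requestParameters"]
        if src == "lambda.amazonaws.com" and name == "UpdateFunctionCode":
            findings.append(("lambda_code_change", arn, p.get("functionName")))
        elif src == "bedrock.amazonaws.com" and name.startswith("InvokeModel"):
            findings.append(("bedrock_invoke", arn, p.get("modelId")))
        elif src == "ec2.amazonaws.com" and name == "RunInstances" and is_gpu_instance(p.get("instanceType", "")):
            findings.append(("gpu_launch", arn, p["instanceType"]))
    return findings

if __name__ == "__main__":
    print(enumeration_bursts(SAMPLE_EVENTS, threshold=5))
    print(role_spread(SAMPLE_EVENTS))
    for finding in high_risk_events(SAMPLE_EVENTS):
        print(finding)
```

The thresholds are deliberately parameters: what counts as a "large-scale" enumeration burst or an unusual number of assumed roles depends on the account's normal automation, so tune them against a baseline before alerting on them. Note also that the Bedrock check only helps if model invocation logging is on; with it disabled, as in the incident described, the invocations themselves leave far less to detect.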
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4126336/from-credentials-to-cloud-admin-in-8-minutes-ai-supercharges-aws-attack-chain.html