Security researchers have warned that threat actors are increasingly turning to zero-day exploits to raise the success rate of advanced targeted attacks.
Group-IB noted in its Hi-Tech Crime Trends Report 2023/2024 that it observed a 70% increase in public ads selling zero-day exploits between 2022 and 2023.
In some cases, such as CVE-2023-38831, a zero-day in WinRAR's handling of ZIP archives, the threat actors who discover a bug sell access to clients for a subscription fee – in this case, $1000 per month.
Such exploits are popular with advanced cybercrime groups and nation states, especially for cyber-espionage activities where threat actors need to establish persistence and spy on their victims for prolonged periods without discovery, the report claimed.
Elsewhere, Group-IB warned of growing interest in ChatGPT credentials on the cybercrime underground as a route to sensitive corporate data.
That is because public LLM services such as ChatGPT store users' chat history by default, while the accounts themselves are often not protected by multi-factor authentication (MFA).
“When using AI systems, users often enter all sorts of data, including confidential information such as internal source code, financial information, and trade secrets. Users sometimes even enter data intended for authentication in internal systems,” Group-IB explained.
That means any threat actor with access to a corporate user’s account could gain a direct pathway to a huge volume of sensitive information.
“This gives them access to logs with the communication history between employees and systems, which they can use to search for confidential information (for espionage purposes), details about internal infrastructure, authentication data (for conducting even more damaging attacks), and information about application source code (to analyze it and identify potential vulnerabilities that could be exploited),” the report noted.
Group-IB said it detected more than 225,000 infostealer logs up for sale on the dark web containing compromised ChatGPT credentials between January and October 2023.
As corporates invest more heavily in Apple devices and computers, these systems are becoming increasingly popular targets for attack, the report added.
Group-IB said the number of queries on the most popular underground forums related to macOS stealers increased five-fold between 2022 and 2023.