In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT infrastructure. Their research, shared with Hackread.com, focuses on CVE-2024-27564, a Server-Side Request Forgery (SSRF) flaw, which despite its classification as a medium-severity issue, is being actively weaponized in real-world scenarios.
Veriti’s investigation has revealed some troubling findings. One notable discovery is the very volume of attack attempts, with 10,479 attack attempts recorded in a single week originating from just one malicious IP address.
Furthermore, a significant portion of organizations, specifically 35%, are found to be inadequately protected due to misconfigurations in their security systems, including Intrusion Prevention Systems (IPS), Web Application Firewalls (WAF), and traditional firewalls.
This attack has a global impact, with the United States experiencing the highest concentration of attacks at 33%, followed by Germany and Thailand, each at 7%. Other affected regions include Indonesia, Colombia, and the United Kingdom. The following graph depicts the attack trend over time, showcasing a surge in activity during January, followed by a decrease in February and March.
The research specifically identifies the financial sector as a primary target for these attacks. This is attributed to the heavy reliance of banks and fintech companies on AI-driven services and API integrations, which makes them susceptible to SSRF attacks that can compromise internal resources and sensitive data.
The potential consequences for financial institutions include data breaches, unauthorized transactions, regulatory penalties, and massive reputational damage. Additionally, researchers noted a critical point: “No vulnerability is too small to matter, attackers will exploit any weakness they can find.” They emphasize that overlooking medium-severity vulnerabilities can be a costly mistake, particularly for these high-value organizations.
Typically, in security practices, priority is often given to critical and high-severity vulnerabilities. However, as Veriti’s research demonstrates, attackers are opportunistic, exploiting any weakness they encounter, regardless of its severity ranking. Therefore, vulnerability prioritization should not solely rely on severity scores, as attack trends can shift rapidly, and vulnerabilities once considered insignificant can become favoured attack vectors.
Veriti has also identified a list of IP addresses actively involved in exploiting this vulnerability, providing valuable intelligence for security teams. To mitigate the risks associated with CVE-2024-27564, researchers recommend that security teams immediately review their IPS, WAF, and firewall configurations. They should also actively monitor logs for attack attempts originating from the identified malicious IP addresses and prioritize the assessment of AI-related security gaps in their risk management strategies.