Threat actors using ChatGPT vulnerability to exploit healthcare industry

A newly identified ChatGPT vulnerability is being actively exploited by cyber attackers, posing a risk to industries handling sensitive data, including healthcare, finance, and government sectors.

What happened

A ChatGPT vulnerability, CVE-2024-27564, is being actively exploited by threat actors targeting security flaws in AI technologies. The vulnerability is a Server-Side Request Forgery (SSRF) in ChatGPT that attackers use to redirect users to malicious websites. This tactic allows attackers to potentially steal sensitive data or disrupt AI tool availability, creating a threat for industries relying on AI integrations. Industries holding sensitive data, such as healthcare, finance, and government departments, are prime targets. The National Institute of Standards and Technology (NIST) initially categorized the vulnerability as medium risk when it was discovered a year ago, but a recent report by cybersecurity firm Veriti warns of ongoing exploitation.

Going deeper

Findings from Veriti's report include:

  • Over 10,000 attack attempts occurred in a single week.
  • The United States is the most affected region.
  • 35% of analyzed organizations are unprotected due to misconfigurations in intrusion prevention systems, web application firewalls, and firewall settings.

What was said

Scott Gee, Deputy National Advisor for Cybersecurity and Risk at the American Hospital Association, emphasized the potential impact, stating, “This could allow an attacker to steal sensitive data or impact the availability of the AI tool.”

Why it matters

The CVE-2024-27564 vulnerability is concerning because it targets ChatGPT’s integration with other systems, exploiting a Server-Side Request Forgery (SSRF) to redirect users to malicious websites. This not only threatens the confidentiality of sensitive data but also puts the availability and integrity of AI-powered tools at risk. Industries like healthcare and finance, which rely on AI to manage sensitive information, face heightened exposure. The fact that over 10,000 attack attempts occurred in a single week shows the urgency for organizations to patch vulnerabilities and review security measures. Without immediate action, attackers could continue leveraging this flaw to infiltrate infrastructure and access protected data.

The bottom line

The active exploitation of the CVE-2024-27564 vulnerability is a reminder that cybersecurity in AI integrations requires constant vigilance. Organizations relying on AI must take steps to reinforce their defenses and mitigate potential threats.

FAQs

What is a Server-Side Request Forgery (SSRF)?

SSRF is a vulnerability in which an attacker induces a server to send requests it should not make, typically to another server of the attacker's choosing, often in order to redirect users to malicious websites.
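
The usual defence against the SSRF pattern described above is to validate every destination a server is asked to fetch, including each hop of a redirect chain, against an allow-list and against non-public address ranges. The following Python is an added example written for this page; it is not ChatGPT's code, nor code from Veriti or NIST. The host allow-list, the hostnames, the IP addresses and the redirect table are all constructed stand-ins so the block runs offline; in production the resolver would be real DNS and the `head` callable would issue a request with redirects disabled.

```python
"""Hardened destination check for a server-side fetch (SSRF mitigation).

Added example; all hostnames, addresses and redirect targets are constructed.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

# Constructed policy: hosts this service is permitted to fetch from (hypothetical).
ALLOWED_HOSTS = {"images.example.com", "cdn.example.net", "internal-cdn.example.com"}
ALLOWED_SCHEMES = {"https"}
MAX_REDIRECT_HOPS = 3
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def default_resolver(hostname):
    """Resolve a hostname to every address it maps to (A and AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


def is_public_address(ip_text):
    """True only for a routable public address; rejects loopback, RFC 1918,
    link-local (including the 169.254.0.0/16 cloud metadata range), multicast,
    reserved and unspecified addresses. IPv4-mapped IPv6 is unwrapped first so
    ::ffff:127.0.0.1 is judged as 127.0.0.1."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_target_url(url, resolver=default_resolver):
    """Return (ok, reason). ok is True only when every check passes."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed"
    host = parts.hostname  # urlsplit lower-cases this for us
    if not host:
        return False, "missing host"
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 443):
        return False, f"port {port} not allowed"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allow-list"
    try:
        addresses = resolver(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    if not addresses:
        return False, "host resolved to no addresses"
    # An allow-listed name can still point at an internal address (misconfiguration
    # or DNS rebinding), so every resolved address is checked as well.
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"host resolves to non-public address {addr}"
    return True, "ok"


def follow_redirects_safely(url, head, resolver=default_resolver):
    """Walk a redirect chain, re-validating every hop.

    `head` is an injected callable: given a URL it returns
    (status_code, location_header_or_None) without following redirects itself.
    Returns (final_url, redirects_followed) or raises ValueError with the reason
    the chain was refused. Checking only the first URL is the classic mistake:
    an allowed host with an open redirect would otherwise lead the server anywhere.
    """
    current = url
    for hop in range(MAX_REDIRECT_HOPS + 1):
        ok, reason = validate_target_url(current, resolver)
        if not ok:
            raise ValueError(f"hop {hop} refused ({current}): {reason}")
        status, location = head(current)
        if status not in REDIRECT_STATUSES:
            return current, hop
        if not location:
            raise ValueError(f"redirect without Location at {current}")
        current = urljoin(current, location)
    raise ValueError(f"more than {MAX_REDIRECT_HOPS} redirects from {url}")


# Constructed, offline stand-ins for DNS and HTTP so the block runs without network.
FAKE_DNS = {
    "images.example.com": {"93.184.216.34"},      # constructed: a public address
    "cdn.example.net": {"93.184.215.14"},         # constructed: a public address
    "internal-cdn.example.com": {"10.0.0.5"},     # constructed: allow-listed by mistake
}
FAKE_REDIRECTS = {
    # constructed open redirect on an allowed host pointing at a metadata address
    "https://cdn.example.net/open-redirect": (302, "http://169.254.169.254/latest/meta-data/"),
    "https://images.example.com/a.png": (200, None),
}


def fake_resolver(host):
    return FAKE_DNS.get(host, set())


def fake_head(url):
    return FAKE_REDIRECTS.get(url, (200, None))


if __name__ == "__main__":
    for candidate in ("https://images.example.com/a.png",
                      "https://evil.example/x",
                      "https://internal-cdn.example.com/x",
                      "https://cdn.example.net/open-redirect"):
        try:
            print(candidate, "->", follow_redirects_safely(candidate, fake_head, fake_resolver))
        except ValueError as err:
            print(candidate, "-> refused:", err)
```

The allow-list is the primary control; the address check is the backstop for the case the Veriti figures describe, where a policy exists but is misconfigured (here, an internal name slipped onto the allow-list). Disabling automatic redirects in the HTTP client and re-running the validator per hop is what stops an allowed host from being used as a stepping stone.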

What steps should organizations take in response to a breach?

Organizations should activate their incident response plans, involve cybersecurity experts promptly, and assess the full impact of the breach to contain and mitigate the attack.

How long has this vulnerability been known?

The CVE-2024-27564 vulnerability was initially discovered a year ago, but its exploitation has increased recently.

Is this vulnerability part of a larger trend in cybersecurity?

Yes, the vulnerability reflects broader trends in cyberattacks targeting AI technologies and their integration with critical systems, highlighting the need for enhanced cybersecurity practices.