The API actions most commonly called by attackers using compromised credentials earlier this year include InvokeModel, InvokeModelStream, Converse, and ConverseStream. More recently, however, attackers have also been seen using PutFoundationModelEntitlement and PutUseCaseForModelAccess, which are used to enable models, along with ListFoundationModels and GetFoundationModelAvailability, which they call in advance to determine which models an account has access to.
This means that organizations that have set up Bedrock but have not enabled certain models are not safe. The cost difference between models can be significant. For example, for the Claude 2.x model the researchers calculated a potential cost of more than $46,000 per day, but for models like Claude 3 Opus the cost could be two to three times higher.
Researchers have seen attackers use Claude 3 to generate and develop the script code that queries the model in the first place. The script is designed to interact with the model continuously, generate responses, monitor for specific content, and save the results to text files.
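For defenders, the Bedrock API calls listed above can be turned into a CloudTrail triage rule. The following Python is an added example, not code from the article or the researchers: it groups Bedrock events by calling principal and ranks any principal that changed model access highest. The sample records, principals, the `expected_callers` allowlist and the severity levels are constructed assumptions.

```python
import json
from collections import defaultdict

# API names as listed in the article, grouped by their role in the abuse chain.
STAGES = {
    "recon": {"ListFoundationModels", "GetFoundationModelAvailability"},
    "enable": {"PutFoundationModelEntitlement", "PutUseCaseForModelAccess"},
    # InvokeModelWithResponseStream is the AWS API name of the streaming invoke call.
    "invoke": {"InvokeModel", "InvokeModelStream", "InvokeModelWithResponseStream",
               "Converse", "ConverseStream"},
}

def _rec(arn, name, ip="198.51.100.7", src="bedrock.amazonaws.com"):
    return json.dumps({"eventSource": src, "eventName": name,  # one CloudTrail-style line
                       "sourceIPAddress": ip, "userIdentity": {"arn": arn}})

# Constructed principals and events (documentation account ID and IP ranges).
CI, APP, DEV = (f"arn:aws:iam::111122223333:{p}"
                for p in ("user/ci-deploy", "role/chat-app", "user/analyst"))
SAMPLE_LOG = [
    _rec(CI, "ListFoundationModels"), _rec(CI, "GetFoundationModelAvailability"),
    _rec(CI, "PutUseCaseForModelAccess"), _rec(CI, "PutFoundationModelEntitlement"),
    _rec(CI, "InvokeModel"), _rec(CI, "InvokeModel", ip="203.0.113.9"),
    _rec(APP, "Converse", ip="10.0.4.12"),
    _rec(DEV, "ListFoundationModels"), _rec(DEV, "ConverseStream"),
    _rec(DEV, "GetObject", src="s3.amazonaws.com"),  # not Bedrock: ignored
]

def triage(lines, expected_callers=frozenset()):
    """Return {principal ARN: finding} for Bedrock activity worth reviewing."""
    seen = defaultdict(lambda: {"recon": 0, "enable": 0, "invoke": 0, "ips": set()})
    for line in lines:
        ev = json.loads(line)
        stage = next((s for s, n in STAGES.items() if ev.get("eventName") in n), None)
        if ev.get("eventSource") != "bedrock.amazonaws.com" or stage is None:
            continue
        entry = seen[ev.get("userIdentity", {}).get("arn", "unknown")]
        entry[stage] += 1
        entry["ips"].add(ev.get("sourceIPAddress"))
    findings = {}
    for arn, e in seen.items():
        if not e["enable"] and arn in expected_callers:
            continue  # routine use by a workload that is expected to call Bedrock
        # Model-access changes are always reported; enumeration plus use ranks next.
        level = "high" if e["enable"] else "medium" if e["recon"] and e["invoke"] else "low"
        findings[arn] = {"level": level, "ips": sorted(e["ips"]), **{s: e[s] for s in STAGES}}
    return findings

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG, expected_callers={APP}), indent=2))
```

Because enablement calls are reported even for allowlisted principals, a stolen key belonging to a legitimate Bedrock workload still surfaces when it is used to unlock additional models.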