AI Used to Breach 600+ Systems in 55 Countries

A small group of threat actors has successfully used commercial generative AI services to breach more than 600 security systems across 55 countries. According to a report from Amazon, the financially motivated attacks leveraged AI to exploit weak security controls at a scale previously requiring a much larger team.

Security researchers at Amazon detailed a widespread campaign in which attackers compromised over 600 firewalls. The breaches affected a broad geographical area, with compromised systems identified in South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The report notes that the attackers did not target specific industries, instead focusing on devices with the weakest security postures, such as those with simple passwords and no multi-factor authentication.

The attackers utilized widely available generative AI tools to automate their process. This allowed them to efficiently identify and exploit vulnerabilities at a massive scale. According to the report, this automation enabled a small team to operate as if it were a larger, more sophisticated organization. Experts believe these initial breaches were preparatory stages for potential ransomware attacks, where the attackers would later attempt to move from the compromised security devices into corporate networks.

The primary motivation behind the attacks was financial, according to Amazon. By using AI to automate the initial stages of the attack, the criminals lowered their operational costs and increased their potential reach. The report emphasizes that the attackers typically abandoned their efforts when they encountered more sophisticated defenses, moving on to easier targets. In most instances, even after gaining initial access, they were unable to advance beyond their basic automated attack strategies.

The specific commercial generative AI services used by the attackers were not named in the report. The exact timeframe during which the 600+ breaches occurred is also not specified. Furthermore, the identity of the small group of attackers remains unknown.

Organizations should expect AI-related threat activity to continue growing from both experienced and inexperienced attackers, stated CJ Moses, head of security engineering and operations at Amazon. The company believes that the increasing accessibility of generative AI technology simplifies the process of launching cyberattacks, effectively lowering the barrier to entry for a new wave of threat actors.

Based on the vulnerabilities exploited in this campaign, security experts recommend several actions to mitigate risk. Organizations and individuals should prioritize implementing strong, unique passwords for all systems. Enabling multi-factor authentication (MFA) wherever possible adds a critical layer of security. It is also crucial to regularly update and patch all security devices, including firewalls, and to actively monitor network traffic for any signs of unusual or unauthorized activity.
