A Blog by Jonathan Low

 

Nov 11, 2023

Trying To Woo More Users, OpenAI's ChatGPT Attracted Cyber-Attacks

Another failed assessment of the tradeoff between growth and security - and by a company which should definitely know better. JL 

Faustine Ngila reports in Quartz:

Days after ChatGPT creator OpenAI made efforts to pull in more users at its first-ever developer conference, its platform has faced prolonged service throttling. The outage comes after OpenAI announced during its conference on Nov. 6 that it would allow users to create their own versions of the GPT chatbot. To respond to increasing competition from other AI chatbot creators, OpenAI also cut prices and promised more customer copyright protection. But massive site traffic attracts cyber criminals and raises questions about the security of ChatGPT, used by 100 million people every week.

Days after ChatGPT creator OpenAI made efforts to pull in more users at its first-ever developer conference, its platform has faced prolonged service throttling. Now ChatGPT has been intermittently down for two days and counting.

In its latest status update, the company said it is “dealing with periodic outages due to an abnormal traffic pattern reflective of a Distributed Denial of Service (DDoS) attack.” The company, though, says it invests in security, “as we believe it is foundational to our mission” and that it has advanced the creation of AI that can “continuously prepare for emerging security threats.”

The outage arrives as OpenAI targets more premium and enterprise customers—and raises questions about the security of ChatGPT, used by 100 million people every week.

DDoS attacks precede the demand for ransom

The outage comes after OpenAI announced during its conference on Nov. 6 that it would now allow users to create their own customized versions of the GPT chatbot. To respond to increasing competition from other AI chatbot creators, OpenAI has also cut prices for its services and promised more customer copyright protection on Nov. 7.

While these two announcements may have driven more traffic to ChatGPT, it’s unlikely that more users would cause a service outage due to constrained cloud storage. But massive site traffic attracts another kind of activity: that of cyber criminals, who engineer cruel tactics to render core services inaccessible by pinging a site repeatedly. This is a common scheme used by cyber attackers to demand ransom from the target.

OpenAI has been working to thwart the attack, which has affected the Application Programming Interface (API) tools that developers use to build on its models. Initially, developers reported high error rates on Nov. 8; the company says it has since fixed the glitch. The API is used by over two million developers, including more than 92% of Fortune 500 companies. Meanwhile, its service remains down.

Ransomware attacks are rising

While no hacking gang has claimed responsibility for the OpenAI cyber attack so far, 2023 has already seen global ransomware rates climb 50% from last year, according to an Oct. 18 report (pdf) by German financial services and insurance firm Allianz. “Cyber claims frequency has picked up again this year as ransomware groups continue to evolve their tactics,” said Scott Sayce, Allianz global head of cyber security, in the report. “The attackers are back, and focused again on Western economies, with more powerful tools, enhanced processes, and attack mechanisms.”

What fuels this trend this year is the widespread availability of kits that the report calls “ransomware-as-a-Service (RaaS)” whose prices start from as little as $40. Ransomware gangs in the US, according to IBM Security, are also carrying out more attacks faster, with the average number of days taken to execute one attack falling from around 60 days in 2019 to four.
