Sysdig Report Highlights LLMjacking and Other Security Threats

Sysdig has released its 2024 Global Threat Report, outlining the changing nature of cyberattacks in 2024.

For example, Sysdig describes the growing practice of LLMjacking, which involves stealing access to cloud accounts that host large language models (LLMs). “Mirroring earlier cryptojacking and proxyjacking techniques, LLMJacking presents an even more formidable financial threat.” In the six months since Sysdig first identified LLMjacking, the daily costs to victims have roughly doubled from $46,000 per day to more than $100,000 daily, the report notes.

Sysdig notes that whereas cryptomining attacks are fairly easy to identify based on CPU resource consumption, LLM usage cannot be detected this way because “there is only one behavior – a call to the LLM.” Additionally, “LLM resource consumption will vary greatly across individual users and, therefore, it is difficult to differentiate between legitimate and malicious use.” Thus, the report emphasizes the importance of establishing baselines for your enterprise cloud account LLM usage, so teams can readily identify anomalies.

This report follows the company’s Cloud-Native Security and Usage Report from earlier this year, which highlighted other security threats and outlined best practices. For example, the report says “less than 50% of environments have alerts set to trigger on CPU and memory use. Furthermore, a majority of users do not have maximum limits set on their CPU or memory use.” Without such limits, organizations risk having to pay for resources used by attackers in their environment.

Sysdig notes that, “with the ease of scalability in cloud environments, some campaigns can rack up $80,000 in victim costs in just a few hours.”

Learn more at Sysdig.