ShadowRay – the Achilles heel of AI giants, which leads to the theft of confidential data

Teacher

Hackers quietly mine cryptocurrency and gain access to the largest AI models.

In September 2023, a new campaign codenamed ShadowRay was discovered. It targeted an unpatched vulnerability in the popular Ray framework that allows attackers to hijack computing power and steal confidential data from thousands of companies in various sectors, including education, cryptocurrencies and biopharmaceuticals.

Anyscale Ray is used to scale AI and Python-based applications across clusters of distributed computing machines. The framework is widely used around the world by large organizations such as Amazon, Spotify, Instacart, Netflix, Uber and OpenAI, including for ChatGPT training.

Active use of the flaw began after Anyscale disclosed 5 vulnerabilities in Ray in November 2023, of which 4 were fixed, but one critical RCE vulnerability (CVE-2023-48022, CVSS rating: 9.8) remained unpatched because of its connection with the company's decision to add an authentication mechanism.

The vulnerability gave hackers an opening in unprotected environments. Anyscale, however, does not consider the flaw significant, since Ray is not intended to operate outside a strictly controlled network environment, as stated in the vendor documentation.

According to the information security company Oligo, active exploitation of the CVE-2023-48022 vulnerability was observed in September 2023. It led to hundreds of publicly accessible Ray servers being compromised, which allowed attackers to gain access to sensitive information, including AI models, environment variables, database credentials and access tokens for cloud environments.

In some cases, attackers used access to powerful graphics cards to mine the Monero cryptocurrency, or installed reverse shells to gain persistent access to compromised environments by executing arbitrary code through Python pseudo-terminals.

It is worth noting that many developers may not have noticed the section of the Ray documentation dedicated to this issue, or may not have been aware of its existence at all. This made CVE-2023-48022 a shadow vulnerability: a problem that is not detected by static scanners, but can lead to serious security breaches and significant losses.

To protect against ShadowRay attacks, Oligo recommends securing Ray deployments by running them in a secure environment with firewall rules, adding authorization to the Ray Dashboard port, and continuously monitoring for anomalies.
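One way to check the firewall and dashboard-port recommendations on a Ray node, as an added example that is not part of the original post or Oligo's tooling: it parses `ss -ltn` output and flags Ray listeners reachable beyond loopback. The port numbers are Ray's defaults (an assumption about the deployment), the `ss` lines are constructed sample input, and `classify` and `audit` are hypothetical helper names.

```python
import ipaddress

# Ray's default ports (assumption: the cluster was started with defaults).
RAY_PORTS = {8265: "dashboard / Jobs API", 6379: "GCS (head node)",
             10001: "Ray Client server"}

# Constructed sample of `ss -ltnH` output; replace with real output from a Ray node.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:8265 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 128 [::]:10001 [::]:*
LISTEN 0 128 10.0.3.7:8265 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def classify(addr):
    """Return how far a bind address reaches: loopback, all-interfaces, private or public."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-interfaces"
    return "private" if ip.is_private else "public"

def audit(ss_output):
    """Return (port, service, bind address, scope) for Ray listeners not confined to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header, blank or non-listening line
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in RAY_PORTS:
            continue
        scope = classify(addr)
        if scope != "loopback":
            findings.append((int(port), RAY_PORTS[int(port)], addr, scope))
    return findings

if __name__ == "__main__":
    for port, service, addr, scope in audit(SAMPLE_SS):
        print(f"port {port} ({service}) bound to {addr}: {scope}, "
              "needs a firewall rule or an authenticating proxy")
```

A listener flagged as `all-interfaces` or `public` is only as protected as the host firewall or security group in front of it, so pair the result with a review of those rules.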
 