Cybersecurity experts issue a warning about ongoing exploitation of a critical vulnerability in an open-source AI platform called Anyscale Ray, allowing threat actors to hijack computing power for illicit cryptocurrency mining.
According to a disclosure by Oligo Security researchers Avi Lumelsky, Guy Kaplan, and Gal Elbaz, this flaw has been actively exploited for the past seven months, impacting sectors such as education, cryptocurrency, and biopharma.
Dubbed "ShadowRay" by the Israeli application security firm, this campaign marks the first instance of AI workloads being targeted in the wild due to vulnerabilities within the AI infrastructure.
Ray, a widely-used compute framework utilized by major companies like OpenAI, Uber, and Netflix, enables the building, training, and scaling of AI and Python workloads.
The vulnerability in question, CVE-2023-48022, is a critical missing authentication bug allowing remote attackers to execute arbitrary code via the job submission API. Despite being reported alongside two other flaws by Bishop Fox in August 2023, Anyscale has no plans to address the issue currently.
The absence of authentication controls in Ray's Dashboard and Client components enables unauthorized actors to submit jobs, delete existing ones, retrieve sensitive data, and execute remote commands, potentially granting access to operating systems and sensitive credentials.
Hundreds of Ray GPU clusters have fallen victim to exploitation, resulting in the compromise of production database passwords, SSH keys, and access tokens related to prominent services like OpenAI and Slack.
Furthermore, attackers have installed cryptocurrency miners and reverse shells for persistent remote access, while leveraging tools like Interactsh to evade detection.
As the situation unfolds, cybersecurity experts stress the urgent need for organizations to address these vulnerabilities and enhance security measures to safeguard against future attacks.
0 comments:
Post a Comment