Ray AI Security Breach: Vulnerability Leads to Thousands of Servers Hacked

Researchers from Oligo Security discovered a critical vulnerability in Ray, an open-source AI framework that is widely used across many sectors, including tech, education, and medicine.

Diving Further

This vulnerability, CVE-2023-48022, also known as ShadowRay, allows attackers to hijack the computer and steal sensitive data.

The researchers said:

Thousands of companies and servers running AI infrastructure are exposed to the attack through a critical vulnerability that is under dispute and thus has no patch.

To make matters worse, the vulnerability is live in the Ray framework, with no patch in sight:

This flaw has been under active exploitation for the last 7 months, affecting sectors like education, cryptocurrency, biopharma and more.

On the 30th of November 2023, Anyscale posted on their blog about five vulnerabilities that affect the AI framework Ray. Anyscale fixed four of the flaws with the release of Ray 2.8.1. But the vulnerability tracked as CVE-2023-48022 (ShadowRay) was dismissed: their developers stated that it was a feature and therefore did not require a fix.

A quick Google search shows that Anyscale is used by major tech companies such as Uber, Amazon and OpenAI.

ShadowRay

This critical issue has received a CVSS score of 9.8. The Common Vulnerability Scoring System (CVSS) rates the severity of vulnerabilities from 0 to 10, with 10 being the most severe.

Whether this vulnerability resulted in data theft remains open to debate, given the nature of the issue and the fact that no company has yet made a statement about any related incidents.

Crypto Mining Incident

In their recent investigation, Oligo Security discovered an extensive breach that happened before the vulnerability was disclosed. It involved numerous GPU clusters used for crypto-mining, with cybercriminals leveraging tools like ShadowRay, XMRig, NBMiner, and Zephyr miner.

With damages nearing a billion dollars, these clusters were systematically targeted by what is suspected to be an organized hacker group.

Following the Backlash

Within 24 hours after Oligo Security addressed the security concerns, Anyscale responded in a blog post, stating:

In light of reports of malicious activity, we have moved quickly to provide tooling to allow users to verify proper configuration of their clusters to avoid accidental exposure.

And:

We are also including these capabilities in Ray 2.11, expected in April.

Desperate times call for desperate measures. Hats off for the quick response, but yet again we see major security breaches that should be covered by common security sense.

As always, stay safe!

Photo by Mikhail Nilov.