ShadowRay Exploit Targets AI Software, Compromising Cloud Data and Cryptocurrency Mining
March 27, 2024Cybersecurity researchers at Oligo Security identified an active exploit of an unpatched vulnerability in Anyscale's Ray AI software, named ShadowRay and tracked as CVE-2023-48022.
The vulnerability has been exploited for seven months, allowing remote code execution through the job submission API, leading to data breaches and unauthorized cryptocurrency mining.
Attackers gaining root privileges can access victims' entire cloud environments, including services in AWS, Google, and Microsoft Azure, and steal sensitive data such as credentials for OpenAI, Stripe, Slack, along with password hashes and private SSH keys.
Anyscale has yet to release a fix but is developing a script to assist users in verifying secure configurations to prevent accidental exposure.
Oligo Security has provided organizations with indicators of compromise and mitigation strategies to protect against unauthorized access to their clusters.
This incident marks the first known targeted attack on AI workloads through AI infrastructure vulnerabilities, highlighting the emerging need for robust security in AI systems.
Summary based on 3 sources
Get a daily email with more Tech stories
Sources
The Register • Mar 27, 2024
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flawThe Hacker News • Mar 27, 2024
Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency MiningHelp Net Security • Mar 27, 2024
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) - Help Net Security