Written by 2:21 pm AI, Latest news

### Exploiting Ray Model Vulnerabilities: Hackers Misuse Machines and Sabotage Tools

A new hacking campaign dubbed “ShadowRay” targets an unpatched vulnerability in Ray, a …

According to a recent survey, nearly 4 out of 10 professionals in compliance roles within asset management, investment advisory, and secret market sectors have not yet evaluated AI as a cybersecurity threat. Similarly, a comparable number express apprehension regarding the enforcement of the Securities and Exchange Commission’s (SEC) new cybersecurity regulations.

A new cyber attack campaign named “ShadowRay” is targeting Ray, a popular open-source AI framework, by exploiting an unpatched vulnerability that enables the theft of computing power and sensitive data from numerous businesses.

As reported by Oligo, these attacks have been under way since at least September 5, 2023, affecting industries such as training, bitcoin, biopharma, and others.

Ray, an open-source framework developed by Anyscale, is utilized to scale AI and Python applications across multiple computers for distributed computational workloads.

With over 30,500 stars on GitHub, Ray is widely adopted by organizations worldwide, including Amazon, Spotify, LinkedIn, Instacart, Netflix, Uber, and OpenAI, for tasks like training ChatGPT.

In November 2023, Anyscale disclosed five vulnerabilities in Ray. It addressed four of them (CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, CVE-2023-48023) but left a critical remote code execution flaw, CVE-2023-48022, unresolved, because the lack of authentication behind it is an intentional, longstanding design choice.

Anyscale clarifies that CVE-2023-48022 is only exploitable in environments deviating from the recommended secure network setup detailed in the project’s documentation.

Oligo’s report highlights the active exploitation of CVE-2023-48022 in unsecured environments, categorizing it as a “shadow vulnerability” that escapes detection by many development teams and static scanning tools.

Attackers have compromised numerous publicly exposed Ray servers via CVE-2023-48022, gaining access to sensitive data like AI models, production database credentials, and cloud environment tokens. Some attackers have utilized powerful GPUs for cryptocurrency mining, while others have employed Python pseudo-terminals to execute arbitrary code for maintaining control in compromised systems.

To defend against ShadowRay, Oligo recommends operating within secure environments by implementing firewall rules, securing the Ray Dashboard port with authorization, monitoring for anomalies, avoiding default configurations like binding to 0.0.0.0, and utilizing security-enhancing tools for cluster protection.
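One way to check a cluster host for the exposure described above, as an added example that is not code from the article, Oligo or the Ray project. It assumes Ray's default dashboard port 8265 and the `ray start` flags `--dashboard-host` and `--dashboard-port`; the command line and `ss -ltn` output are constructed samples.

```python
import ipaddress
import shlex

DASHBOARD_PORT = 8265  # Ray's default dashboard port (assumption; not stated in the article)

def classify(host):
    """Label how widely a bind address exposes the service."""
    host = host.strip("[]")
    if host in ("0.0.0.0", "::", "*"):
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address("127.0.0.1" if host == "localhost" else host)
    except ValueError:
        return "unknown"  # a hostname or scoped address: review manually
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def dashboard_bind(cmdline):
    """Return (host, port) that a `ray start` command line requests for the dashboard."""
    host, port = "127.0.0.1", DASHBOARD_PORT  # assumed defaults when the flags are absent
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        key, sep, val = arg.partition("=")
        if not sep:  # "--flag value" form: the value is the next argument
            val = args[i + 1] if i + 1 < len(args) else ""
        if key == "--dashboard-host":
            host = val
        elif key == "--dashboard-port":
            port = int(val)
    return host, port

def exposed_listeners(ss_output, port=DASHBOARD_PORT):
    """From `ss -ltn` text, return non-loopback local addresses listening on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            addr, _, p = fields[3].rpartition(":")
            if p == str(port) and classify(addr) != "loopback":
                findings.append((addr.strip("[]"), classify(addr)))
    return findings

# Constructed sample data, not taken from any real host.
SAMPLE_CMD = "ray start --head --dashboard-host=0.0.0.0 --dashboard-port 8265"
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8265       0.0.0.0:*
LISTEN 0      128    127.0.0.1:6379     0.0.0.0:*
LISTEN 0      128    [::1]:8265         [::]:*"""
```

A finding of `all-interfaces` or `public` on the dashboard port means the firewall or a loopback bind is the only remaining control, so both should be verified on that host.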

Last modified: March 27, 2024