Cyber Heist Alert: ‘ShadowRay’ Siphons AI Smarts from Top Tech Titans!

Beware the “ShadowRay” campaign: hackers unleash their dark arts on the AI world, turning Ray’s unpatched flaw into their magic wand for data heists and crypto mischief! #ShadowRayHack Attack

Hot Take:

Move over vampires and werewolves, there’s a new shadow lurking in town, and it’s feasting on AI brains! “ShadowRay” sounds like a rejected X-Men character but is actually a sly hacking campaign exploiting the geeky underbelly of open-source AI. It’s like someone found a cheat code in a video game, but instead of unlimited lives, they got unlimited compute power. Who needs zombies when you’ve got hackers turning your AI into crypto-miners?

Key Points:

  • “ShadowRay” hacking campaign exploits an unpatched vulnerability in the Ray AI framework.
  • The attacks have been targeting various sectors, including education and cryptocurrency, for computational hijacking and data leakage.
  • Anyscale disclosed five vulnerabilities but left one critical flaw unpatched, leading to its active exploitation.
  • Oligo’s report indicates that hundreds of Ray servers were compromised, leading to sensitive data exposure and unauthorized crypto-mining.
  • Defense strategies include operating within secured environments and continuously monitoring for anomalies.
Cve id: CVE-2023-48022
Cve state: PUBLISHED
Cve assigner short name: mitre
Cve date updated: 11/28/2023
Cve description: Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

Title: Ray Log File Local File Include
Cve id: CVE-2023-6021
Cve state: PUBLISHED
Cve assigner short name: @huntr_ai
Cve date updated: 12/06/2023
Cve description: LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

Title: Ray Static File Local File Include
Cve id: CVE-2023-6020
Cve state: PUBLISHED
Cve assigner short name: @huntr_ai
Cve date updated: 02/08/2024
Cve description: LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

Title: Ray Command Injection in cpu_profile Parameter
Cve id: CVE-2023-6019
Cve state: PUBLISHED
Cve assigner short name: @huntr_ai
Cve date updated: 12/06/2023
Cve description: A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

Cve id: CVE-2023-48023
Cve state: PUBLISHED
Cve assigner short name: mitre
Cve date updated: 11/28/2023
Cve description: Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

Need to know more?

The Unpatched Pandemonium

Imagine leaving your car unlocked in a high-crime neighborhood and then being surprised when someone takes it for a joyride. That's what happened with Ray. Anyscale, the creators of this AI framework, decided not to address a critical flaw because of "long-standing design decisions." The result? A hacker's all-you-can-eat buffet featuring a main course of sensitive data and a side of crypto-mining.

A "Bug" by Any Other Name

Anyscale might call it a "bug," but in the cyber world, a bug by any other name can still sting like a vulnerability. This particular "bug" has left Ray deployments open to attacks, much like leaving a "Beware of Dog" sign on your gate but forgetting to actually get a dog. Oligo's report is waving red flags, but it seems like some folks are colorblind to this particular shade of danger.

The Crypto-Miners' New Gold Rush

Hackers have struck gold, but instead of pickaxes and shovels, they're using powerful graphics cards meant for AI training to mine cryptocurrency. It's like finding out your supercomputer has been moonlighting as a digital gold digger. And with the ability to snoop around for cloud environment access tokens, they're not just mining; they're potentially throwing a rave in your digital space with all your sensitive data on the guest list.

Hide and Seek with Reverse Shells

Some hackers are playing a game of hide and seek using reverse shells. They're not just peeking into your digital life; they're setting up camp and roasting marshmallows over the warm glow of your computer's processing power. With the ability to execute arbitrary code, they're essentially puppeteering your machines like they're auditioning for a cybernetic version of "Pinocchio."

The Defense Against the Dark Arts of Hacking

To combat the ShadowRay, Oligo suggests a few magical spells: firewall rules, authorization enchantments, and a keen eye for anomalies. Basically, treat your AI framework like a fortress in a medieval fantasy; raise the drawbridge, man the towers, and maybe hire a dragon or two for good measure. Who knew cybersecurity could feel like an RPG?

The More You Know

In the realm of cybersecurity, knowledge is power, and staying informed is like having an enchanted shield. Keep those software updates rolling, don't skimp on security measures, and maybe, just maybe, consider that some "long-standing design decisions" are worth revisiting. After all, who wants to be part of the next plot twist in the cyber saga of ShadowRay?

Tags: AI Model Security, Cryptocurrency Mining, CVE-2023-48022, Open Source Software Risks, privilege escalation, Ray Framework Vulnerability, Remote Code Execution