Exploiting Anyscale Ray’s Critical Vulnerability for Cryptocurrency Mining and Data Breaches
Cyber security researchers have issued a stark warning about the ongoing exploitation of a critical vulnerability in the open-source AI platform, Anyscale Ray, identified as CVE-2023-48022, with a severity score of 9.8. This vulnerability exposes critical components like the Dashboard and Client to unauthorised access, creating a pathway for remote attackers to execute arbitrary code via the job submission API. Dubbed as the ShadowRay campaign, this exploit has been active since September 2023, infiltrating various sectors including education, cryptocurrency, and biopharma.
Despite Anyscale Ray being a preferred choice for heavyweight companies such as OpenAI, Uber, Netflix, and others, the platform has yet to address this critical vulnerability. Anyscale has chosen to postpone addressing the vulnerability, arguing that it is not a security flaw but rather an expected feature in line with Ray’s design principles, which prioritise certain authentication protocols. However, this contentious stance has triggered industry-wide concerns about the inherent security risks posed to AI workloads, necessitating more robust defence strategies.
The cyber security community, represented by Oligo Security researchers, has closely observed the exploitation of the ShadowRay vulnerability by threat actors. This exploitation has led to the compromise of numerous Ray clusters, resulting in the illicit acquisition of production database passwords, SSH keys, access tokens, and even the ability to tamper with AI models. Exploiting these vulnerabilities, attackers have seamlessly integrated cryptocurrency mining operations and deployed remote access tools, all while stealthily evading detection mechanisms.
The ShadowRay campaign’s repercussions extend beyond immediate compromises, delving into broader implications for cyber security practices and vulnerability management frameworks. The disputed nature of CVE-2023-48022 has created visibility challenges within security databases, potentially leaving numerous systems vulnerable due to oversight in vulnerability assessments. This obscurity increases the likelihood of undetected compromises and subsequent data breaches within Ray clusters, raising urgent alarms for proactive security measures.
The compromised Ray clusters have unveiled a treasure trove of sensitive data breaches, encompassing compromised AI model integrity, exposure of critical environment variables, leakage of production database credentials, SSH keys, cloud environment access, and tokens associated with prominent platforms like OpenAI, HuggingFace, Stripe, and Slack. These alarming revelations underscore the immediate necessity of implementing stringent authorisation and security protocols within AI platforms like Ray, bridging the gap between functionality and security to mitigate escalating risks effectively.
We advise remaining vigilant against vulnerabilities such as CVE-2023-48022 in platforms like Anyscale Ray. You can choose to monitor these advisories yourself, and implement fixes numerous new exploits emerge. Alternatively, you can entrust this task to industry professionals. At norm. our Managed Threat Detection and Response service provides real-time security monitoring for your network, services, and devices. Leveraging telemetry feeds, threat intelligence feeds, use cases, and play books, our Security Operations Centre (SOC) swiftly identifies and isolates threats, providing you with peace of mind 24/7.
References
ShadowRay: First Known Attack Campaign Targeting AI Workloads Exploited In The Wild (oligo.security)
CISA Publishes Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products
The United States Cyber Security & Infrastructure Security Agency (CISA) has recently placed three security flaws into its Known Exploited Vulnerabilities (KEV) catalogue, announcing that wild exploits have been observed for the following vulnerabilities:
- CVE-2023-48788 (CVSS score: 9.3) – Fortinet FortiClient EMS SQL Injection Vulnerability
- CVE-2021-44529 (CVSS score: 9.8) – Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
- CVE-2019-7256 (CVSS score: 10.0) – Nice Linear eMerge E3-Series OS Command Injection Vulnerability
CVE-2023-48788 details a vulnerability in the Fortinet FortiClient EMS that could be exploited to allow unauthenticated attackers to execute code or commands via specially crafted packet requests. Fortinet has since announced that an exploit has been seen in the wild, however, they provided no further details into the exploitation attacks.
CVE-2021-44529 details a vulnerability within the Ivanti EPM Cloud Services Appliance that can allow an unauthenticated attacker to execute malicious code. Recent research published by the security researcher Ron Bowes suggests that the flaw may have been intentionally introduced as a backdoor in a discontinued open-source project titled csrf-magic.
CVE-2019-7256 details a vulnerability which can allow attackers to perform remote code execution on Nice Linear eMerge E3 Access Controllers, which has been exploited by several attackers since February 2020. This flaw was addressed along with 11 other bugs by Nice earlier this month, however, it is known that all these vulnerabilities were disclosed originally by security researcher Gjoko Krstic in 2019.
As active exploitation has been observed for all three flaws, federal agencies are required to apply all vendor mitigations by April 15th 2024. This development came as CISA and the Federal Bureau of Investigation released a joint alert urging software manufacturers to engage in further advancements for the mitigation of SQL injection flaws, highlighted by the exploitation of CVE-2023-34362. This vulnerability is an SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer’s database.
By utilising norm.’s Vulnerability Patch Management module, customers can ensure they are protected against vulnerabilities disclosed via vendor bug bounty programs.
References:
NVD – CVE-2023-48788 (nist.gov)
NVD – CVE-2021-44529 (nist.gov)
Exploring Cookies: A Deep Dive
What exactly are cookies?
Cookies are files that get downloaded when you visit a website, consisting of a variety of letters and numbers. Your browser stores these cookies for a specific period, the duration can vary depending on its expiry date. Some cookies can be temporary, whilst others can last for over a year.
What’s the purpose of a cookie?
The unique string of letters and numbers that is generated during a session is matched to a specific user, containing information that is specific to them. The cookies customise a user’s experience on a website by recalling their actions and preferences.
Some types of cookies can record the types of websites you visit, potentially leading to targeted advertisements or content similar to what you’ve previously shown interest in.
Types of cookies
Cookies come in all different shapes, sizes, and flavours:
- Session cookies will track a user’s session on a website, ceasing once the user exits their browser or signs out. These cookies, lacking an expiration date, should ideally be deleted at the end of each session.
- Tracking cookies record your activity, generated by tracking services. Your browser relays your preferences to the tracking service when you revisit a website that uses them.
- Persistent cookies last for an extended period, ranging from one day to several years. They have an expiration date but do not cease at the end of a session, like a session cookie.
- Authentication cookies are related to user sessions; when you log into an online account your browser creates an authentication cookie. This cookie links information from your unique cookie string to your session to ensure that you are receiving your correct data.
- Third-party cookies primarily serve tracking purposes, and are similar to tracking cookies, but they function for websites, other than the one that you have visited directly.
- Zombie cookies have the ability to create backups stored in alternative locations, enabling restoration after deletion. This feature occasionally leads to them being used by cyber attackers.
(Figure 1 – Common types of cookies)
How to deal with cookies
Cookies are not inherently malicious and can be managed through your browser’s privacy settings. Blocking or disabling cookies may impair user experience, as some sites will not function reliably without them.
Through browser controls, you can delete, allow, clear or block cookies. You might also consider installing add-ons to enhance browser functionality or opt for private browsing sessions, where cookies, login credentials, or search histories aren’t stored.
Typically, cookies from trusted websites are safe; their data remains unaltered, making transmission of malware or viruses unlikely. However, some viruses or malware may falsely present as a cookie. Cookies such as zombie cookies, can regenerate after deletion, and are therefore more difficult to manage. Regularly reviewing and deleting cookies can help mitigate such risks.
References:
All You Need to Know About Internet Cookies and What They Do (internetcookies.com)
What are cookies? | Cookies definition (Cloudflare)
Should you accept all cookies? (Kaspersky official blog)
Get norm.’s threat bulletin direct to your inbox
norm. tracks and monitors the latest security trends and cyber threats and collates these into a fortnightly threat bulletin.
You can receive this bulletin for free, every fortnight, by entering your business email address below: