Ray framework flaw exploited for hackers to breach servers

Magnifying glass enlarging the word 'malware' in computer machine code

(Image credit: Shutterstock)

The Ray framework, an open source tool for AI and Python workload scaling, is vulnerable to half a dozen flaws that allow hackers to hijack the devices and steal sensitive data.

This is according to cybersecurity researchers from Oligo, who published their findings on a new hacking campaign they dubbed “ShadowRay”.

Apparently active since early September 2023, ShadowRay’s operators abused five distinct Ray vulnerabilities to target firms in education, cryptocurrency, biopharma, and other verticals.

"Shadow vulnerability"

Four of the vulnerabilities are tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023, and Anyscale, Ray’s developer, fixed them. The fifth one, deemed a critical remote code execution (RCE) flaw by researchers, and tracked as CVE-2023-48022, was not fixed.

Anyscale argues that this was not a bug, but a feature: "The remaining CVE (CVE-2023-48022) - that Ray does not have authentication built in - is a long-standing design decision based on how Ray's security boundaries are drawn and consistent with Ray deployment best practices, though we intend to offer authentication in a future version as part of a defense-in-depth strategy," it said.

As per the developers, this RCE flaw can only be abused in deployments that go against Anyscale’s recommendations and don’t limit Ray’s use to a strictly controlled network environment.

Oligo, on the other hand, says that by disputing the CVE, Anyscale is leaving many developers in the dark on the potential holes. "We have observed instances of CVE-2023-48022 being actively exploited in the wild, making the disputed CVE a "shadow vulnerability"—a CVE that doesn't show up in static scans but can still lead to breaches and significant losses."

The researchers said they observed “hundreds” of publicly exposed Ray servers, compromised via this vulnerability. As a result, threat actors were stealing sensitive data such as AI models, production database credentials, and more. In some instances they were even installing cryptominers.

Via BleepingComputer

More from TechRadar Pro

AI models could be attacked, flawed by this Hugging Face security issue — security worries add to AI concerns
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.