- Cisco Talos found hundreds of Ollama servers that can be abused for all sorts of cyber crime
- Potential threats include model extraction attacks, jailbreaking and content abuse, and backdoor injection and model poisoning (deploying malware)
- Businesses neglect basic security practices, Cisco warned
More than 1,100 Ollama servers were found exposed on the public internet, opening the door to all sorts of cyber crime, experts have claimed.
After a quick Shodan search, security researchers at Cisco Talos found the servers, which are either local or remote systems running large language models without relying on external cloud providers. They allow users to download, manage and run AI models directly on their own hardware or in private infrastructure. This setup is often used by developers and businesses who want more control, privacy and lower latency when working with generative AI.
When these servers are exposed to the wider internet, they are open to model extraction attacks (attackers reconstructing model parameters), jailbreaking and content abuse (forcing LLMs to generate restricted or harmful content), or backdoor injection and model poisoning (deploying malware), among other things.
Sleeping and active servers
Out of the 1,100 servers discovered, the majority (about 80%) were “sleeping” – which means they did not run any models and therefore could not be abused in cybercrime.
However, the remaining 20% are “active host of models that are susceptible to unauthorized access”, as Cisco Talos put it. The researchers warned how “their vulnerable interfaces could still be exploited in attacks involving resource exhaustion, denial of service or lateral movement.”
Most of the exposed servers are found in the United States (36.6%), followed by China (22.5%) and Germany (8.9%).
For Cisco Talos, the results highlight “a widespread neglect of basic security practices such as access control, approval and network insulation in the implementation of AI systems.”
In many ways, this is not unlike incorrectly configured or exposed databases, which malicious actors can easily access to steal data for use in phishing or social engineering attacks.
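A self-audit along the lines of the "sleeping" versus "active" split above, as an added example that is not from Cisco Talos or the article: it checks hosts from your own inventory for an Ollama API that answers without authentication. It assumes Ollama's default port 11434 and its `/api/ps` endpoint (list of running models); treating "no running models" as "sleeping" is an assumption about the article's categories, and the addresses are constructed documentation-range values.

```python
import json
import urllib.error
import urllib.request

OLLAMA_PORT = 11434  # assumption: Ollama's default API port


def classify(status, body):
    """Classify one host from the HTTP status and body of GET /api/ps."""
    if status is None:
        return "unreachable"          # filtered, closed, or bound to localhost
    if status in (401, 403):
        return "auth-required"        # a proxy or gateway enforces access control
    if status != 200:
        return "unknown"
    try:
        data = json.loads(body)
    except ValueError:
        return "unknown"              # some other service answers on this port
    models = data.get("models") if isinstance(data, dict) else None
    if not isinstance(models, list):
        return "unknown"
    # Unauthenticated answer: exposed either way; models loaded means "active".
    return "exposed-active" if models else "exposed-sleeping"


def probe(host, port=OLLAMA_PORT, timeout=3):
    """Fetch /api/ps from a host you administer; returns (status, body)."""
    url = f"http://{host}:{port}/api/ps"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except (urllib.error.URLError, OSError):
        return None, ""


def audit(inventory, fetch=probe):
    """Map each inventory host to its exposure class."""
    return {host: classify(*fetch(host)) for host in inventory}


if __name__ == "__main__":
    # Constructed responses so the demo runs offline; drop fetch= to probe for real.
    fake = {
        "192.0.2.10": (200, '{"models": [{"name": "llama3:8b"}]}'),
        "192.0.2.11": (200, '{"models": []}'),
        "192.0.2.12": (401, ""),
    }
    for host, result in audit(fake, fetch=lambda h: fake[h]).items():
        print(f"{host}: {result}")
```

Any host reported as `exposed-active` or `exposed-sleeping` is answering API calls without access control and belongs behind a firewall or an authenticating proxy.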
Via The Register



