- Cisco Talos found hundreds of Ollama servers that can be abused for all types of cybercrime
- Potential threats include model extraction attacks, jailbreaking and content abuse, backdoor injection and model poisoning (deploying malware)
- Companies are neglecting fundamental security practices, Cisco warned
More than 1,100 Ollama servers were found exposed on the public Internet, opening the door to all types of cybercrime, researchers have said.
After a quick Shodan search, Cisco Talos security researchers found the servers, which are local or remote systems that run large language models without depending on external cloud providers. They allow users to download, manage and run AI models directly on their own hardware or on private infrastructure. This setup is often used by developers and companies that want more control, privacy and lower latency when working with generative AI.
When these servers are exposed to the wider Internet, they allow model extraction attacks (attackers reconstructing the model's parameters), jailbreaking and content abuse (forcing LLMs to generate restricted or harmful content), or backdoor injection and model poisoning (deploying malware), among other things.
Latent and active servers
Of the 1,100 servers that were discovered, the majority (around 80%) were “inactive”, which means that they were not executing any model and, therefore, could not be abused in cybercrime.
However, the remaining 20% are “actively hosting models susceptible to unauthorized access,” as Cisco Talos said. The researchers warned how “their exposed interfaces could still be used in attacks involving resources, denial of service or lateral movement.”
Most of the exposed servers are found in the United States (36.6%), followed by China (22.5%) and Germany (8.9%).
For Cisco Talos, the findings “highlight generalized negligence of fundamental security practices, such as access control, authentication and network isolation in the implementation of AI systems.”
In many ways, this is no different from poorly configured or exposed databases, which malicious actors can easily access, stealing data to use in phishing or social engineering attacks.
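The inactive/active distinction above can be checked against an inventory of hosts you operate. The following is an added example, not code from Cisco Talos or the article; it assumes Ollama's default API port 11434 and its `/api/ps` endpoint (which lists loaded models), and the category names and sample addresses are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

OLLAMA_PORT = 11434  # Ollama's default API port


def classify(ps_body):
    """Map the body of an unauthenticated GET /api/ps to an exposure category.

    ps_body is the raw response text, or None when no 2xx answer came back.
    """
    if ps_body is None:
        return "closed (no unauthenticated answer)"
    try:
        models = json.loads(ps_body).get("models") or []
        names = ", ".join(m.get("name", "?") for m in models)
    except (ValueError, AttributeError):
        # Something answered on the port, but not with Ollama's JSON shape.
        return "reachable, not an Ollama API response"
    if not models:
        return "exposed, inactive (no model loaded)"
    return f"exposed, active (serving: {names})"


def probe(host, port=OLLAMA_PORT, timeout=3.0):
    """Fetch /api/ps without credentials; None covers timeouts, refusals, 401/403."""
    url = f"http://{host}:{port}/api/ps"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError, ValueError):
        return None


def audit(hosts, fetch=probe):
    """Return {host: category} for an inventory of hosts you operate."""
    return {h: classify(fetch(h)) for h in hosts}


if __name__ == "__main__":
    # Constructed responses so the example runs offline; drop fetch= to use probe().
    canned = {
        "10.0.0.5": '{"models": []}',
        "10.0.0.6": '{"models": [{"name": "llama3:8b"}]}',
        "10.0.0.7": None,
    }
    for host, verdict in audit(canned, fetch=canned.get).items():
        print(host, "->", verdict)
```

Run it from outside the network segment the servers sit in: an instance left on Ollama's default loopback bind (127.0.0.1:11434), or one behind an authenticating proxy, reports as closed, while either "exposed" result means access control or network isolation is missing.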
Via The Register