NAS Devices Still Targeted by Brute-Force Attacks, QNAP Warns
The company recommends evaluating and increasing NAS devices’ security to stop the ongoing threats.
Leading computing, networking, and storage solution innovator QNAP has recently warned its customers of ongoing attacks targeting QNAP Network-Attached Storage (NAS) devices.
The company urges its users to immediately increase their devices’ security, including using strong passwords, changing the default access port number, and disabling the admin account.
QNAP has been very active in patching vulnerabilities in their devices. Late last year, it fixed a cross-site scripting vulnerability, and earlier this year issued patches to neutralize UnityMiner malware that used the QNAP device to mine cryptocurrency. The program was customized by keeping the cryptocurrency mining process and the real CPU memory resource usage details under the radar in order to hide the malicious activity from QNAP owners.
Heimdal® Threat Prevention - Network
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
While former attacks exploited software vulnerabilities on unpatched devices, the current campaign exploits human behavior. The threat actors use simple tools to break into the device by trying to log in using a list of common passwords and previously compromised credentials.
Recently QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks – where hackers would try every possible password combination of a QNAP device user account. If a simple, weak, or predictable password is used (such as “password” or “12345”) hackers can easily gain access to the device, breaching security, privacy, and confidentiality.
After guessing the right credentials, hackers get full access to the targeted device, allowing them to exfiltrate sensitive documents or deploy malware. If they fail to brute-force their way in, the attempts will be recorded and marked with “Failed to login” warning messages by NAS devices’ system logs.
QNAP recommends users to enhance NAS security by implementing password rotation policies and disabling the default admin account. Additionally, since the attack is only possible on Internet-facing NAS devices, QNAP suggests customers don’t expose their devices on public networks.
What’s more, you can follow QNAP’s recommendations below to prevent malware infection or other attacks, and better secure your device and protect your data.
- Remove unknown or suspicious accounts.
- Remove unknown or suspicious applications.
- Disable auto-router configuration and set up device access controls in myQNAPcloud.
- Avoid opening default port numbers to the Internet.
- Install and run the latest version of Malware Remover.
- Change passwords for all accounts.
- Update installed QTS applications to the latest versions.
- Update QTS to the latest available version.
- Install QuFirewall.