QNAP takes down server behind widespread brute-force attacks


QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords.

The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital Ocean, took down the command-and-control server (used to control a botnet of hundreds of infected systems) within 2 days.

"The QNAP Product Security Incident Response Team (QNAP PSIRT) swiftly took action by successfully blocking hundreds of zombie network IPs through QuFirewall within 7 hours, effectively protecting many internet-exposed QNAP NAS devices from further attack," the company said.

"Within 48 hours, they also successfully identified the source C&C (Command & Control) server and, in collaboration with the cloud service provider Digital Ocean, took measures to block this C&C server, preventing the situation from escalating further."

QNAP urges its customers to secure their devices by changing the default access port number, disabling port forwarding on their routers and UPnP on the NAS, using strong passwords for their accounts, implementing password policies, and disabling the admin account targeted in attacks.

It also provides detailed instructions on how to implement protective measures in its security guide:

  • Disable the "admin" account (page 30)
  • Set strong passwords for all user accounts and avoid using weak passwords (page 34)
  • Update QNAP NAS firmware and apps to the latest versions (page 24)
  • Install and enable the QuFirewall application (page 46)
  • Utilize myQNAPcloud Link's relay service to prevent your NAS from being exposed to the internet. If there are bandwidth requirements or specific applications necessitating port forwarding, you should avoid using the default ports 8080 and 443 (page 39)
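
The attacks described above came from hundreds of botnet IPs aimed at the "admin" account, so a rule that counts failures per source IP sees only a few attempts from each address, while counting distinct source IPs per account within a time window flags the campaign. The following is an added example, not code from QNAP or the original article; the log line format, function names and thresholds are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a QNAP log format):
# 2000-01-01T19:00:00 LOGIN_FAIL user=admin src=198.51.100.7
LINE = re.compile(r"^(\S+) LOGIN_FAIL user=(\S+) src=(\S+)$")

def parse(lines):
    """Yield (timestamp, user, source_ip) for each failed-login line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def per_ip_alerts(lines, max_failures=5):
    """Lockout-style rule: flag any single IP with more than max_failures."""
    counts = defaultdict(int)
    for _, _, src in parse(lines):
        counts[src] += 1
    return sorted(ip for ip, n in counts.items() if n > max_failures)

def per_account_alerts(lines, window=timedelta(minutes=10), min_sources=50):
    """Flag accounts failing from >= min_sources distinct IPs inside the window."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, src), oldest first
    flagged = {}                 # user -> peak number of distinct sources seen
    for ts, user, src in sorted(parse(lines)):
        q = recent[user]
        q.append((ts, src))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        sources = len({s for _, s in q})
        if sources >= min_sources:
            flagged[user] = max(flagged.get(user, 0), sources)
    return flagged

def sample_log():
    """Constructed sample: 200 IPs, 2 guesses each at 'admin', plus one user typo."""
    start = datetime(2000, 1, 1, 19, 0, 0)
    lines = []
    for i in range(200):
        ip = f"198.51.100.{i + 1}"  # documentation address range
        for attempt in range(2):
            ts = start + timedelta(seconds=i * 2 + attempt)
            lines.append(f"{ts.isoformat()} LOGIN_FAIL user=admin src={ip}")
    lines.append(f"{start.isoformat()} LOGIN_FAIL user=alice src=192.0.2.10")
    return lines

if __name__ == "__main__":
    log = sample_log()
    print("per-IP rule:", per_ip_alerts(log))
    print("per-account rule:", per_account_alerts(log))
```
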

"This attack occurred over the weekend, and QNAP promptly identified it through cloud technology, quickly pinpointing the source of the attack and blocking it," said Stanley Huang, the head of QNAP PSIRT, last week.

"This not only assisted QNAP NAS users in avoiding harm but also protected other storage users from being affected by this wave of attacks."

The company regularly warns its customers to be cautious of brute-force attacks against QNAP NAS devices that are exposed online, as these attacks often result in ransomware attacks [1, 2, 3].

Cybercriminals frequently target NAS devices, aiming to steal or encrypt valuable documents or install information-stealing malware. These devices are often used for backing up and sharing sensitive files, making them valuable targets for malicious actors.

Recent attacks targeting QNAP devices include DeadBolt, Checkmate, and eCh0raix ransomware campaigns abusing security vulnerabilities to encrypt data on Internet-exposed NAS devices.

Synology, another Taiwanese NAS maker, also warned customers in August 2021 that their network-attached storage devices were being targeted by the StealthWorker botnet in ongoing brute-force attacks that could lead to ransomware infections.