Jan 8, 2022

QNAP: Get NAS Devices Off the Internet Now

There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.
Get your internet-exposed, network-attached storage (NAS) devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices.
“The most vulnerable victims will be those devices exposed to the Internet without any protection,” QNAP said on Friday, urging all QNAP NAS users to follow security-setting instructions that the Taiwanese NAS maker included in its alert.
First off, to check whether your NAS is exposed to the internet, QNAP instructed device owners to open the device’s Security Counselor: a built-in security portal that integrates anti-virus and anti-malware software.

“Your NAS is exposed to the Internet and at high risk if there shows ‘The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP’ on the dashboard.” —QNAP
High-risk Security Counselor setting. Source: QNAP.
QNAP directed customers to this site to figure out which router ports are exposed to the internet.
If your NAS device turns out to be exposed to the internet, QNAP recommended taking these two steps to secure it:
Port Forwarding function. Source: QNAP.
 
UPnP function of the QNAP NAS. Source: QNAP.
QNAP also provides detailed instructions on how to prevent malware infections, including password hygiene, enabling IP and account access protection to prevent brute-force attacks, disabling SSH and Telnet connections if you don’t use these services, and avoiding the use of default port numbers such as 22, 443, 80, 8080 and 8081.
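A quick way to check your own device against that list, as an added example (not code from QNAP or Threatpost): it probes the default ports named above and reports which ones answer. Port 23 for Telnet and the function names are assumptions added here; run it against your own NAS or router WAN address, ideally from outside your network.

```python
import socket

# Default ports named in the article, plus Telnet's standard port 23 (added
# here because the article recommends disabling Telnet when it is unused).
DEFAULT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS",
                 8080: "HTTP (alt)", 8081: "HTTP (alt)"}
REMOTE_SHELL = {22, 23}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(host, ports=DEFAULT_PORTS, probe=tcp_open):
    """Probe each port; return (port, service, advice) for every one that answers."""
    findings = []
    for port, service in sorted(ports.items()):
        if not probe(host, port):
            continue
        if port in REMOTE_SHELL:
            advice = "disable the service if you do not use it"
        else:
            advice = "take it off the internet or change the default port"
        findings.append((port, service, advice))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python nas_audit.py <address of your own NAS or router>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = audit_exposure(target)
    for port, service, advice in results:
        print(f"{target}:{port} ({service}) reachable -> {advice}")
    if not results:
        print(f"{target}: none of the default ports answered")
```

An empty result only means these specific ports did not answer; a service moved to a non-default port will not show up here.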
QNAP didn’t specify which ransomware gangs or strains are involved in the ongoing attacks, but QNAP device owners have suffered through more than their share over the past few years.
That includes repeated targeting by operators wielding eCh0raix ransomware, aka QNAPCrypt.
In August 2021, Palo Alto Networks Unit 42 researchers put out a report about a new variant of eCh0raix that was exploiting a critical bug, CVE-2021-28799 – an improper authorization vulnerability that gives attackers access to hard-coded credentials so as to plant a backdoor account – in the Hybrid Backup Sync (HBS 3) software on QNAP’s NAS devices. Users had started reporting attacks that abused what turned out to be the same flaw in April 2021.
eCh0raix was also used to target QNAP NAS servers in 2019, in targeted attacks that brute-forced weak credentials and exploited known vulnerabilities. QNAP also came under attack by operators inflicting Qlocker ransomware in April 2021.