QNAP, a Networking hardware company, has effectively taken down a malicious server that was utilized in extensive brute-force attacks targeting Internet-exposed NAS devices.
On October 14, 2023, the company discovered a big wave of weak password attacks. Within 7 hours, the QNAP Product Security Incident Response Team (QNAP PSIRT) successfully blocked hundreds of zombie network IPs using QuFirewall, thereby defending several QNAP NAS devices that were exposed to the internet from further attack.
Additionally, they were able to locate the source C&C (Command & Control) server within 48 hours. QNAP worked with cloud service provider Digital Ocean to take action to shut down this C&C server, preventing the problem from getting worse.
A brute force attack uses trial and error to determine encryption keys, login credentials, or the location of a hidden website. Hackers try every combination in the hopes of making an accurate estimate.
Despite being an older attack strategy, hackers continue to find it to be useful and popular. The term “brute force” refers to attempts by attackers to enter user accounts by employing excessive amounts of force.
Steps To Mitigate The Risks
In its security guide, QNAP offers comprehensive guidance on how to put protective measures in place.
- Disable the “admin” account. (Refer to page 30)
- Set strong passwords for all user accounts and avoid using weak passwords. (Refer to page 34)
- Update QNAP NAS firmware and apps to the latest versions. (Refer to page 24)
- Install and enable the QuFirewall application. (Refer to page 46)
- Utilize myQNAPcloud Link’s relay service to prevent your NAS from being exposed to the internet. If there are bandwidth requirements or specific applications necessitating port forwarding, you should avoid using the default ports 8080 and 443. (Refer to page 39)
“QNAP strongly recommends that NAS users take immediate cybersecurity measures to mitigate the ever-present risks of security attacks,” QNAP said.
In general, all networking devices have been often targeted by ransomware and brute-force attacks. Even though all network storage devices are equally exposed, internet-facing NAS devices are more vulnerable.
“Network security is of critical importance, requiring constant vigilance and 24/7 year-round management, detection, and response,” said Stanley Huang, the Manager of QNAP’s Product Security Incident Response Team.
“This attack occurred over the weekend, and QNAP promptly identified it through cloud technology, quickly pinpointing the source of the attack and blocking it. This not only assisted QNAP NAS users in avoiding harm but also protected other storage users from being affected by this wave of attacks.”
Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Try a free trial to ensure 100% security.
Read the full article here