QNAP warns customers of ongoing attacks targeting QNAP NAS (network-attached storage) devices. QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks, where hackers would try every possible password combination of a QNAP device user account.
A. Nature of the Attack
Threat actors are reported to be using automated tools to login into publicly accessible NAS devices using passwords from a collection of word lists or from lists of previously compromised credentials. After successful attack, threat actors could get full access to the device, which allows them to gain access to and steal sensitive documents or deploy malware to to hijack victim’s system resources to generate cryptocurrencies or infect other systems.
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
CERT-PH advises NAS’ users to secure their devices by changing the default access port number, usage of strong and unique passwords for created accounts, enabling password policies, and/or disabling the admin account temporarily. For additional information and mitigation steps and procedures, kindly refer to QNAP’s Security Advisory.