QNAP issues another warning about ongoing attacks on its NAS (network-attached storage) devices and urges customers to enhance their security.
Threat actors use automated brute-force and credential-stuffing tools to log in to Internet-connected storage devices using passwords generated on the spot or taken from credential lists obtained elsewhere online.
“Recently QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks – where hackers would try every possible password combination of a QNAP device user account,” the company warned.
The company warned that if its customers use a simple, weak, or predictable password (such as ‘password’ or ‘12345’), attackers can easily get access to the device and compromise user data.
Upon getting full access to the targeted device, attackers steal sensitive documents or deploy malware to encrypt the data.
QNAP advises customers to review their devices’ logs, because when the attackers are brute-forcing their way in, NAS devices will record the unsuccessful login attempts in logs with “Failed to login” warning messages.
QNAP urges customers to change the default access port number, set strong passwords, or disable the admin account if it is targeted by the attackers.
Furthermore, the company says users can also configure the NAS device to automatically block IP addresses from which attackers made failed login attempts.
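The log review and IP blocking described above can be approximated offline. The following Python sketch is an added example, not QNAP code: it counts "Failed to login" entries per source address in a sliding time window and lists the accounts each flagged address targeted. The log line layout, the sample entries, the threshold and the window are all assumptions made for illustration; a real export from the device will need its own pattern.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line layout is an assumption, not QNAP's export format.
SAMPLE_LOG = """\
2021-05-01 03:12:01 Warning admin 203.0.113.7 Failed to login
2021-05-01 03:12:04 Warning admin 203.0.113.7 Failed to login
2021-05-01 03:12:09 Warning admin 203.0.113.7 Failed to login
2021-05-01 03:12:15 Warning backup 203.0.113.7 Failed to login
2021-05-01 03:12:21 Warning admin 203.0.113.7 Failed to login
2021-05-01 08:30:00 Information alice 192.0.2.10 Login OK
2021-05-01 08:45:10 Warning alice 192.0.2.10 Failed to login
2021-05-01 09:00:00 Warning admin 198.51.100.23 Failed to login
2021-05-01 14:00:00 Warning admin 198.51.100.23 Failed to login
"""

# Fields assumed: date time, severity, account, source IP, message.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (\S+) (\S+) Failed to login\b")

def parse_failures(text):
    """Return (timestamp, account, source_ip) for each failed-login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events

def suspicious_sources(events, threshold=5, window=timedelta(minutes=10)):
    """Map source IP -> (peak failures within `window`, accounts targeted)."""
    by_ip = defaultdict(list)
    for ts, account, ip in sorted(events):
        by_ip[ip].append((ts, account))
    flagged = {}
    for ip, hits in by_ip.items():
        peak, start = 0, 0
        for end in range(len(hits)):  # sliding window over time-sorted hits
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = (peak, sorted({a for _, a in hits}))
    return flagged

if __name__ == "__main__":
    for ip, (peak, accounts) in suspicious_sources(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {peak} failures within 10 min, accounts targeted: {accounts}")
```

A single mistyped password (192.0.2.10) and two failures hours apart (198.51.100.23) stay below the threshold, while the burst from 203.0.113.7 is flagged along with the accounts it tried.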
QNAP NAS owners should also do the following to secure their NAS devices and check for malware:
- Change all passwords for all accounts on the device
- Remove unknown user accounts from the device
- Make sure the device firmware is up to date and all of the applications are also updated
- Install QNAP MalwareRemover application via the App Center functionality
- Remove unknown or unused applications from the device
- Set an access control list for the device (Control panel -> Security -> Security level).
Image: Felix Mittermeier