QNAP NAS devices still facing huge number of online attacks .:. Andy Rixon
...
QNAP NAS devices still facing huge number of online attacks

QNAP suggests evaluating and overriding default settings to thwart the attacks

Several users are reporting that their QNAP Network-Attached Storage (NAS) devices are being subject to brute-force attacks.

Devices from Taiwanese storage manufacturer QNAP have been at the receiving end of various cyber attack campaigns lately.

QNAP has been very active in patching vulnerabilities in their devices. Late last year it fixed a cross-site scripting vulnerability, and issued patches to neutralize malware that used the QNAP device to mine cryptocurrency, earlier this year. 

“Recently QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks – where hackers would try every possible password combination of a QNAP device user account,” warns the company.

Brute force attacks
While the earlier attacks exploit software vulnerabilities on devices that haven’t been patched, the ongoing campaign exploits human behaviour.

The attackers use simple tools to brute-force their way into the device by trying to log in using a list of common passwords or a list of previously compromised credentials.

“If a simple, weak, or predictable password is used (such as "password" or "12345") hackers can easily gain access to the device, breaching security, privacy, and confidentiality,” says QNAP, urging users to set strong passwords.

QNAP further suggests users to implement password rotation policies, and even disable the default admin account. Also, since the attack is only possible on Internet-facing NAS devices, QNAP suggests users don’t expose their devices on public networks. 

News by Andy Rixon, created 28 Mar, 2021

Share on
Find what you need
Looking for something specific?
Author Information

Andy Rixon

I am a kind individual that has high ambitions, sometimes too high if you ask me, but that doesn't stop me from trying to do the best that I can in life.

I enjoy a number of things, including but not limited to - gaming and web development.

For more information...
View Profile

Source
TechRadar
© 2021 Andy Rixon
All images are copyright to their respective owners

Made with by VibeCMS
Follow on