Network Attached Storage (NAS) Vendors Like QNAP Face Threats of Device Takeover
NAS devices are used in organizations to store a variety of data, like tax records of employees, business documents, client-related information, and more. So keeping NAS devices secure remains a prime concern for the vendors, as well as the security admins in any organization using it, to avoid any threats of device takeover.
- In May 2020, several vulnerabilities were identified in the firmware of QNAP network-attached storage (NAS) devices. These vulnerabilities affect around 450,000 devices, which is approx 80% of all the devices available in the market.
- Three of the vulnerabilities (CVE-2019-7192, CVE-2019-7194, and CVE-2019-7195) exist in the Photo Station photo album app that comes preinstalled with the recently sold device models. The fourth one (CVE-2019-7193) exists in the QTS file manager app.
- All these vulnerabilities can allow an attacker to perform remote-takeover attacks.
- All the four vulnerabilities have since been patched by the vendor, QNAP Systems, Inc.
Other threats on QNAP NAS devices
There have been several occasions in the recent past, when cyber attackers have directly targeted QNAP NAS devices with malware.
- In October 2019, thousands of QNAP NAS devices were found infected with a malware dubbed QSnatch. This malware targeted the firmware and could steal the credentials and load malicious code retrieved from its command and control (C2) servers.
- In July 2019, ransomware dubbed eCh0raix was found in the wild, targeting documents on consumer and enterprise QNAP Network Attached Storage (NAS) devices.
Threats to other NAS device vendors
A large number of other commercial NAS devices from various vendors have also been targeted by hackers in recent times.
- In March 2020, a new variant of Mirai malware dubbed Mukashi was found targeting a critical vulnerability (CVE-2020-9054) in Zyxel NAS devices, exploiting them to rope the machines into an Internet of Things (IoT) botnet.
- In July 2019, some attackers targeted Synology Inc. networks to steal device admin credentials using brute-force attacks and infect few of the devices with ransomware. The company had to warn its users to change all NAS device passwords.
Keep the NAS firmware updated with the latest patches. To reduce the risk of exposure of the NAS devices, disable the vulnerable SMB protocol and direct access to the files when the device is not in use, which could prevent encryption attacks by ransomware.