Unpatched Network-Attached Storage (NAS) appliances of QNAP are in the crosshairs of hackers, trying to take control of the devices and install cryptominers.
What’s the latest finding?
- A group of researchers from Qihoo 360 found QNAP’s unpatched NAS devices targeted by a newly discovered malware named UnityMiner.
- The attackers intended to mine cryptocurrency by exploiting multiple pre-auth remote command execution vulnerabilities in the QNAP Helpdesk app.
- The point to be noted here is that nearly 4.3 million NAS devices were vulnerable to the attack despite the release of a patch in October 2020.
- Around 1.1 million affected users were located only in the U.S. and China - representing 80% of the global infection.
- Besides UnityMiner, Taiwan-based QNAP NAS was also a lucrative target for another new malware strain named Dovecat.
- Created with a purpose similar to UnityMiner, the malware propagated by connecting to NAS devices left exposed with weak passwords.
Dovecat and UnityMiner are not the only malware strain targeting QNAP NAS devices. These storage systems were also previously targeted by a variety of other malware, such as the Muhstik, ec0raix, and AgeLocker ransomware, along with the QSnatch malware.
Moreover, it is not just with QNAP NAS devices. Other NAS vendors have been equally impacted by malware attacks. For instance, Zyxel NAS devices were targeted last year by adversaries behind the Mirai botnet who targeted a critical pre-authentication command injection vulnerability.
Take action to secure your NAS devices
NAS is a common solution for handling shared files on business and academic networks. This means that such devices can be a juicy target for adversaries looking for more sensitive information. As different hardware and software-based vulnerabilities can impact the security of NAS devices, it is necessary that organizations must heed security measures recommended by NAS providers. Furthermore, by minimizing the chance of physical damage, keeping software up-to-date, and limiting access by unknown sources, organizations can keep their NAS and data as well safe.