QNAP shuts down server behind huge brute force attacks

Someone’s been targeting NAS devices with weak passwords

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Taiwanese hardware vendor QNAP has shut down a server that was used in a major brute-force hacking operation against internet-exposed network-attached storage (NAS) instances.

In a press release published on the QNAP website, the company said it had partnered with Digital Ocean in a two-day operation to jointly shut down a malicious server that acted as a command-and-control (C2) center that operated a botnet of infected devices.

“The QNAP Product Security Incident Response Team (QNAP PSIRT) swiftly took action by successfully blocking hundreds of zombie network IPs through QuFirewall within 7 hours, effectively protecting numerous internet-exposed QNAP NAS devices from further attack,” the press release reads. “Within 48 hours, they also successfully identified the source C&C (Command & Control) server and, in collaboration with the cloud service provider Digital Ocean, took measures to block this C&C server, preventing the situation from escalating further.”

Mitigation steps

QNAP says there are things IT admins can do to protect theirendpoints, and suggests changing the default access port number, deactivating port forwarding on the routers and UPnP on the NAS, setting up a stronger password, and making sure the password is regularly updated.

The company also “strongly” recommended these steps:

Disable the “admin” accountSet strong passwords for all user accounts and avoid using weak passwordsUpdate QNAP NAS firmware and apps to the latest versionsInstall and enable the QuFirewall applicationUtilize myQNAPcloud Link’s relay service to prevent your NAS from being exposed to the internet. If there are bandwidth requirements or specific applications necessitating port forwarding, you should avoid using the default ports 8080 and 443.

More information on how to do these things can be found in the manualhere.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

QNAP’s NAS devices are a popular target among cybercriminals as they can often be easily broken into and later used in ransomware attacks,BleepingComputerreminds.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

I’d drop Hulu for Netflix in November 2024 – here’s why