Security News > 2021 > March > QNAP warns of ongoing brute-force attacks against NAS devices
QNAP warns customers of ongoing attacks targeting QNAP NAS devices and urges them to enhance their security as soon as possible.
In these attacks, the threat actors use automated tools to login into Internet-exposed NAS devices using passwords generated on the spot or from lists of previously compromised credentials.
"Recently QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks - where hackers would try every possible password combination of a QNAP device user account," the company warned.
QNAP advises customers to secure their NAS devices by changing the default access port number, using strong passwords for their accounts, enabling password policies, and disabling the admin account targeted in these ongoing attacks.
In June 2019, an eCh0raix Ransomware campaign also targeted QNAP NAS devices with weak passwords in brute-force attacks.
eCh0raix returned one year later, once again attempting to gain access to publicly-exposed QNAP devices by brute-forcing accounts with weak passwords or exploiting known vulnerabilities.
News URL
Related news
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own (source)
- Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- QNAP pulls buggy QTS firmware causing widespread NAS issues (source)
- QNAP addresses critical flaws across NAS, router software (source)