Security News > 2021 > March > QNAP warns of ongoing brute-force attacks against NAS devices

QNAP warns of ongoing brute-force attacks against NAS devices
2021-03-25 14:58

QNAP warns customers of ongoing attacks targeting QNAP NAS devices and urges them to enhance their security as soon as possible.

In these attacks, the threat actors use automated tools to login into Internet-exposed NAS devices using passwords generated on the spot or from lists of previously compromised credentials.

"Recently QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks - where hackers would try every possible password combination of a QNAP device user account," the company warned.

QNAP advises customers to secure their NAS devices by changing the default access port number, using strong passwords for their accounts, enabling password policies, and disabling the admin account targeted in these ongoing attacks.

In June 2019, an eCh0raix Ransomware campaign also targeted QNAP NAS devices with weak passwords in brute-force attacks.

eCh0raix returned one year later, once again attempting to gain access to publicly-exposed QNAP devices by brute-forcing accounts with weak passwords or exploiting known vulnerabilities.


News URL

https://www.bleepingcomputer.com/news/security/qnap-warns-of-ongoing-brute-force-attacks-against-nas-devices/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 80 4 97 122 76 299