Security News > 2023 > October > QNAP takes down server behind widespread brute-force attacks
QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS devices with weak passwords.
The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital Ocean, took down the command-and-control server within two days.
"The QNAP Product Security Incident Response Team swiftly took action by successfully blocking hundreds of zombie network IPs through QuFirewall within 7 hours, effectively protecting numerous internet-exposed QNAP NAS devices from further attack," the company said.
QNAP urges its customers to secure their devices by changing the default access port number, deactivating port forwarding on their routers and UPnP on the NAS, using robust passwords for their accounts, implementing password policies, and deactivating the admin account targeted in attacks.
The company regularly warns its customers to be cautious of brute-force attacks against QNAP NAS devices that are exposed online, as these attacks frequently result in ransomware attacks [1, 2, 3]. Cybercriminals frequently target NAS devices, aiming to steal or encrypt valuable documents or install information-stealing malware.
Recent attacks targeting QNAP devices include DeadBolt, Checkmate, and eCh0raix ransomware campaigns abusing security vulnerabilities to encrypt data on Internet-exposed NAS devices.
News URL
Related news
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)