Security News

QNAP has warned customers today to secure Internet-exposed network-attached storage devices immediately from ongoing ransomware and brute-force attacks. "QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices," the Taiwanese NAS maker said in a press release issued today.

Users of QNAP network-attached storage devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. BleepingComputer forum users managing QNAP and Synology NAS systems have been regularly reporting eCh0raix ransomware attacks but more of them started to disclose incidents around December 20.

Unsecured QNAP NAS devices are getting covertly saddled with a new bitcoin miner, QNAP has warned users. "Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom reaper]' could occupy around 50% of the total CPU usage. This process mimics a normal, legitimate kernel process with the same name. However, while the legitimate kernel process PID is usually below 1000, the bitcoin miner PID is usually greater than 1000," the company explained.

Network-attached storage appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom reaper]' could occupy around 50% of the total CPU usage," the Taiwanese company said in an alert.

QNAP warned customers today of ongoing attacks targeting their NAS devices with cryptomining malware, urging them to take measures to protect them immediately. Customers who suspect their NAS is infected with this bitcoin miner are advised to restart their device, which may remove the malware.

Network-attached storage appliance maker QNAP said it's currently investigating two recently patched security flaws in OpenSSL to determine their potential impact, adding it will release security updates should its products turn out to be vulnerable. "A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash," according to the advisory for CVE-2021-3711.

Network-attached storage maker QNAP is investigating and working on security updates to address remote code execution and denial-of-service vulnerabilities patched by OpenSSL last week. The security flaws tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS device running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync, according to advisories [1, 2] published earlier today.

NAS devices under attack: How to keep them safe?Network-attached storage devices are a helpful solution for storing, managing, and sharing files and backups and, as such, they are an attractive target for cyber criminals. 65 vendors affected by severe vulnerabilities in Realtek chipsA vulnerability within the Realtek RTL819xD module allows attackers to gain complete access to the device, installed operating systems and other network devices.

Palo Alto Networks researchers recently found some 240,000 QNAP and approximately 3,500 Synology NAS devices exposed to the public internet. Since the start of the year, a variety of NAS devices have been hit by ransomware gangs, botnet operators, as well as attackers who simply decided to wipe the data without warning and install a trojan.

Operators of the nearly-year-old eCh0raix ransomware strain that's been used to target QNAP and Synology network-attached storage devices in past, separate campaigns have, gotten more efficient. In a report published Tuesday, Palo Alto Network Unit 42 researchers said the new variant of eCh0raix exploits a critical bug, CVE-2021-28799 - an improper authorization vulnerability that gives attackers access to hard-coded credentials so as to plant a backdoor account - in the Hybrid Backup Sync software on QNAP's NAS devices.