QNAP NAS devices still facing huge number of online attacks

QNAP suggests evaluating and overriding default settings to thwart the attacks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Several users are reporting that their QNAPNetwork-Attached Storage (NAS)devices are being subject to brute-force attacks.

Devices from Taiwanese storage manufacturerQNAPhave been at the receiving end of various cyber attack campaigns lately.

QNAP has been very active in patching vulnerabilities in their devices. Late last year it fixed across-site scripting vulnerability, and issued patches toneutralize malwarethat used the QNAP device tomine cryptocurrency, earlier this year.

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

Click here to start the survey in a new window«

“Recently QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks – where hackers would try every possiblepasswordcombination of a QNAP device user account,” warns the company.

Brute force attacks

While the earlier attacks exploit software vulnerabilities on devices that haven’t been patched, the ongoing campaign exploits human behaviour.

The attackers use simple tools to brute-force their way into the device by trying to log in using a list of commonpasswordsor a list of previously compromised credentials.

“If a simple, weak, or predictable password is used (such as “password” or “12345”) hackers can easily gain access to the device, breaching security, privacy, and confidentiality,” says QNAP, urging users to set strong passwords.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

QNAP further suggests users to implement password rotation policies, and even disable the default admin account. Also, since the attack is only possible on Internet-facing NAS devices, QNAP suggests users don’t expose their devices on public networks.

Via:BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’