Synology NAS devices are being hacked to target Linux systems

Attacks could be used as launchpads to ransomware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Synology, the Taiwan-based maker ofnetwork-attached storage (NAS)devices, has put out a security advisory warning customers of an increase in brute-force attacks on its devices.

Sharing their observations, the hardware vendor’s Product Security Incident Response Team (PSIRT) says that it appears the attacks are orchestrated by the StealthWorker botnet.

Furthermore, the PSIRT adds that the attacks don’t seem to exploit any software vulnerabilities running on the NAS, and appear to be purely brute force in nature.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

“These attacks leverage a number of already infected devices to try and guess common administrative credentials, and if successful, will access the system to install its malicious payload, which may include ransomware. Devices infected may carry out additional attacks on otherLinuxbased devices, including Synology NAS,”shares Synologythrough their advisory.

Double-check those passwords

Internet-connected NAS devices are always in the crosshairs of threat actors.Qnap, another popular Taiwanese NAS vendor,bore the bruntof the malicious campaigns that have targeted the devices for everything from deploying ransomware tomining cryptocurrency.

To ward off the current attack, Synology is advising its users to ensure that the devices have strong administrative credentials. Additionally, Synology users should enable the auto block and account protection features on their NAS devices, and enable multi-step authentication to add another layer of security in addition to thepasswords.

Synology, for its part, is working with “relevant” computer emergency response teams (CERT) to disable the known command and control (C2) servers that power the StealthWorker malware.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This dangerous new malware is hitting Windows devices by hiding in games

Windows PCs targeted by new malware hitting a vulnerable driver

Steps to take when your phone number is publicly listed online