
QNAP NAS Hit by Weak Password Attacks

Silviu STAHIE

October 26, 2023


QNAP has been hit by weak password attacks targeting NAS devices exposed to the Internet. Luckily, the company managed to block most of the attacks by finding the command and control center with the help of Digital Ocean.

As Bitdefender's telemetry has revealed many times, NAS devices are among the most-targeted devices in people's homes. It's also not the first time QNAP NAS devices have come under this kind of attack.

The company recently announced that it detected a new wave of attacks focused on weak passwords. Of course, NAS devices exposed to the Internet became the target, as criminals tried to log in.

"QNAP detected this activity at 6:42 PM on October 14, 2023," explained the company. "The QNAP Product Security Incident Response Team (QNAP PSIRT) swiftly took action by successfully blocking hundreds of zombie network IPs through QuFirewall within 7 hours, effectively protecting numerous internet-exposed QNAP NAS devices from further attack."

What makes this attack stand out is the company's response: it figured out a way to stop the attacks at the source.

"Within 48 hours, they also successfully identified the source C&C (Command & Control) server and, in collaboration with the cloud service provider Digital Ocean, took measures to block this C&C server, preventing the situation from escalating further," the company explained.

QNAP also offered several pieces of advice to spare others the same problem.

  • Disable the "admin" account.
  • Set strong passwords for all user accounts and avoid weak passwords.
  • Update QNAP NAS firmware and apps to the latest versions.
  • Install and enable the QuFirewall application.
  • Utilize myQNAPcloud Link's relay service to prevent your NAS from being exposed to the Internet. If bandwidth requirements or specific applications necessitate port forwarding, avoid using the default ports 8080 and 443.

We can add to that list that it's a good idea to deploy multi-factor authentication whenever possible and to make sure the password used for authentication on the NAS is unique and not reused on other online services, no matter how complex or strong it might be.

Author


Silviu STAHIE

Silviu is a seasoned writer who has followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
