Synology has issued a security advisory warning its customers that its NAS devices are under attack by the StealthWorker botnet. The company’s NAS devices are being targeted by brute-force attacks that can lead to ransomware infections.
The advisory, published by the company’s Product Security Incident Response Team (PSIRT) on 4 August, also states that systems compromised in the attack can be further used to infect more Linux systems.
The Taiwan-based NAS company stated that it “received reports on an increase in brute-force attacks against Synology devices. Synology’s security researchers believe the botnet is primarily driven by a malware family called ‘StealthWorker.’ At present, Synology PSIRT has seen no indication of the malware exploiting any software vulnerabilities.”
Another storage device fiasco?
Network-connected storage devices have been targeted quite frequently through several different attack vectors. As a result, Synology has urged customers to replace weak passwords with stronger ones, enable account protection and auto-block, and set up multi-factor authentication.
The company has also issued a checklist for users to ensure that their NAS devices are well defended against any potential attacks.
- Use a complex and strong password, and apply password strength rules to all users.
- Create a new account in the administrator group and disable the system default “admin” account.
- Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
- Run Security Advisor to make sure there is no weak password in the system.
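
As an added illustration (not Synology's code and not taken from the advisory), the sketch below applies the Auto Block idea from the checklist, blocking an IP address after too many failed logins inside a time window, to constructed log lines. The log format, thresholds and function names are assumptions. It also counts distinct source addresses per account, since failures spread across many addresses stay under a per-IP threshold, which is where the password and default “admin” account items in the checklist come in.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format (not Synology's actual log format).
SAMPLE_LOG = """\
2021-08-04T10:00:01 login_failed user=admin ip=203.0.113.10
2021-08-04T10:00:20 login_failed user=admin ip=203.0.113.10
2021-08-04T10:00:41 login_failed user=root ip=203.0.113.10
2021-08-04T10:01:05 login_failed user=admin ip=198.51.100.21
2021-08-04T10:01:30 login_failed user=admin ip=203.0.113.10
2021-08-04T10:01:55 login_failed user=admin ip=203.0.113.10
2021-08-04T10:02:10 login_failed user=admin ip=198.51.100.22
2021-08-04T10:02:40 login_ok user=alice ip=192.0.2.7
2021-08-04T10:03:15 login_failed user=admin ip=198.51.100.23
2021-08-04T10:20:00 login_failed user=alice ip=192.0.2.7
2021-08-04T10:50:00 login_failed user=alice ip=192.0.2.7
"""
LINE_RE = re.compile(r"^(\S+) login_failed user=(\S+) ip=(\S+)$")

def parse_failures(text):
    """Yield (timestamp, user, ip) for each failed-login line; skip everything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def auto_block(text, max_attempts=5, window=timedelta(minutes=5)):
    """Return IPs that reach max_attempts failures inside one sliding window."""
    recent, blocked = defaultdict(deque), []
    for ts, _user, ip in parse_failures(text):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= max_attempts and ip not in blocked:
            blocked.append(ip)
    return blocked

def sources_per_account(text):
    """Map each targeted account to the number of distinct IPs that failed against it."""
    seen = defaultdict(set)
    for _ts, user, ip in parse_failures(text):
        seen[user].add(ip)
    return {user: len(ips) for user, ips in seen.items()}

if __name__ == "__main__":
    print("blocked:", auto_block(SAMPLE_LOG))
    print("distinct sources per account:", sources_per_account(SAMPLE_LOG))
```

In the sample, only the address that fails five times within five minutes is blocked, while the “admin” account still sees failures from four different addresses.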
The company also suggested taking a snapshot of the NAS to avoid being stuck in a ransomware situation.
Attacks on internet-connected storage devices have been a recent trend: WD network storage devices were also attacked in late June by malware that restricted user access and corrupted all stored data.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.