SHOPPING CART 0 item(s) - 0 0 0 0 Cart 0 My Cart 0 0 0 0 0 CART: 0 0 Cart
Synology Launches Its Own Line of HDDs Alongside New RackStation

Hackers Target QNAP NAS Devices with Crypto-Mining Malware


They’re attacking unpatched QNAP NAS hardware.


qnap nas hack feature

If you have a QNAP network-attached storage drive, you need to go and patch it now. Earlier in March 2020, security researchers at Qihoo’s 360 Netlab identified a vulnerability in QNAP NAS devices under active exploitation.

Patch Your QNAP NAS

Attackers are attempting to take control of QNAP NAS hardware to install cryptocurrency mining malware, which mines cryptocurrency on behalf of the attacker.

The research team at 360 Netlab believes there are over 4 million vulnerable QNAP NAS devices online with over 950,000 unique IP addresses, all mapped using Qihoo’s Quake mapping system.

The vulnerability relates to two remote command execution vulnerabilities, CVE-2020-2506 and CVE-2020-2507, which, when exploited, allows the attacker to gain root privilege on the compromised NAS. Once an attacker has root access, they can do almost what they want on the machine.

Although the vulnerabilities are serious, the research team has not made its exploit proof-of-concept public nor released any technical details relating to the vulnerabilities, giving affected QNAP users time to patch their hardware.

We named the mining program UnityMiner, we noticed the attacker customized the program by hiding the mining process and the real CPU memory resource usage information, so when the QNAP users check the system usage via the WEB management interface, they cannot see the abnormal system behavior.

Any QNAP NAS device with firmware installed before August 2020 is currently vulnerable to the exploit, covering around 100 different versions of QNAP’s NAS firmware. The Qihoo 360 Netlab blog post details the crypto-mining malware in more detail, including every firmware version currently affected.

Related: The Best NAS for Home Media Servers and Shared Storage

QNAP NAS users should head to the QNAP patch page, download the latest patches, and install them as soon as possible. While QNAP hasn’t yet made a direct response to Qihoo’s revelations regarding the vulnerability, this is the most recent patch available for the hardware.

QNAP NAS Boxes Previously Targeted

This isn’t the first time QNAP’s NAS hardware has been targeted.

In December 2020, QNAP issued a warning regarding two high-severity cross-site scripting bugs that allowed an attacker remote access. Before that, in September 2020, QNAP users were hit by the AgeLocker ransomware, which infected thousands of publicly exposed QNAP NAS devices.

Related: FreeNAS vs. OpenMediaVault vs. Amahi: What’s the Best DIY NAS?

Yet another ransomware variant also specifically targeted QNAP NAS devices, too, the big giveaway being the name: QNAPCrypt. That said, the QNAPCrypt ransomware also targeted other NAS providers, such as Synology, Seagate, and Netgear.

For the time being, QNAP users should head to the previously linked patch page and follow the instructions to protect online devices.


best-nas-drives
The 7 Best NAS Hard Drives

If you’re looking to invest in network attached storage, you’ll need a NAS hard drive. We’re rounded up the best NAS hard drives to get you started.


About The Author

Gavin Phillips
(774 Articles Published)

Gavin is the Junior Editor for Windows and Technology Explained, a regular contributor to the Really Useful Podcast, and was the Editor for MakeUseOf’s crypto-focused sister site, Blocks Decoded. He has a BA (Hons) Contemporary Writing with Digital Art Practices pillaged from the hills of Devon, as well as over a decade of professional writing experience. He enjoys copious amounts of tea, board games, and football.

More
From Gavin Phillips

.





Source link

Tags: , , , , , ,

RELATED POST

Leave your Comment

Your email address will not be published. Required fields are marked *

X
Avatar Mobile
Guest
Main Menu x