Sharing their observations, the hardware vendor’s Product Security Incident Response Team (PSIRT) says that it appears the attacks are orchestrated by the StealthWorker botnet.
Furthermore, the PSIRT adds that the attacks don’t seem to exploit any software vulnerabilities running on the NAS, and appear to be purely brute force in nature.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
“These attacks leverage a number of already infected devices to try and guess common administrative credentials, and if successful, will access the system to install its malicious payload, which may include ransomware. Devices infected may carry out additional attacks on other Linux based devices, including Synology NAS,” shares Synology through their advisory.
Double-check those passwords
Internet-connected NAS devices are always in the crosshairs of threat actors. Qnap, another popular Taiwanese NAS vendor, bore the brunt of the malicious campaigns that have targeted the devices for everything from deploying ransomware to mining cryptocurrency.
To ward off the current attack, Synology is advising its users to ensure that the devices have strong administrative credentials. Additionally, Synology users should enable the auto block and account protection features on their NAS devices, and enable multi-step authentication to add another layer of security in addition to the passwords.
Synology, for its part, is working with “relevant” computer emergency response teams (CERT) to disable the known command and control (C2) servers that power the StealthWorker malware.