According to an August 4 report, Synology’s Product Security Incident Response Team (PSIRT) witnessed and received reports on “an increase in brute-force attacks against Synology devices.” While the team believes that these attacks are not using software vulnerabilities, the attacks are still concerning.
The botnet behind the brute-force behavior, wherein attackers “leverage a number of already infected devices to try and guess common administrative credentials,” is reportedly driven by a malware family called “StealthWorker.” If the guessing is successful, then there is the potential for a malicious payload to be installed, including ransomware. The breached devices may also become a part of the botnet and carry out attacks on other devices.
To help protect against this, “Synology strongly advises all system administrators to examine their systems for weak administrative credentials, to enable auto block and account protection, and set up multi-step authentication where applicable.” Moreover, users should ensure that their Synology device is not attached to the internet if those features are not utilized as it would pose an unnecessary risk.
Synology is also providing help to those who have been infected or have witnessed suspicious activity, and you can reach out here to find out more if you are affected.