In a bid to help customers fend off potential cyber-attacks, Taiwan-based QNAP Systems has extended support for some end-of-life (EOL) products. This includes both tech support and security updates.
QNAP’s network-attached-storage solutions are popular among techies wanting to share and store files, back up important data, create virtual environments, work with multimedia, or even do surveillance.
The products’ popularity, however, has attracted the attention of cybercriminals as of late.
Actors operating ransomware strains like QLocker, eCh0raix and DeadBolt have hit QNAP NAS units repeatedly in recent months, either through unpatched vulnerabilities or simply by exploiting misconfigurations in units exposed to the Internet.
The Taiwanese vendor has also been forced to push updates forcefully to unpatched users.
“Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the Internet without any protection,” the company said in a security alert iin January. “QNAP urges all QNAP NAS users to follow the security setting instructions […] to ensure the security of QNAP networking devices.”
This week, the company is taking even more steps to protect faithful customers who may rely on outdated hardware.
In a press release yesterday, the Taiwanese company said it had extended the end date of technical support and security updates for some EOL products to help users “defend against evolving security threats and allowing users to have more time to implement device upgrades.”
The reasoning behind the move is simple:
“EOL models may lack computational capabilities, be short on operational memory, be unable to receive up-to-date component drivers, or possess other technical constraints or deprecated technology,” QNAP says. “Due to these reasons, QNAP normally maintains security updates for 4 years after a product passes its EOL date. As a special effort to help users protect their devices from today’s security threats, QNAP has extended security updates for some EOL models till October 2022.”
The extended end date of technical support and security updates applies to various QNAP NAS models, both on ARM and x86 64-bit architectures, as detailed in the announcement.
QNAP stresses that support for these EOL models will be limited to high-risk or critical security threats. The company asks customers to shoulder some responsibility and keep EOL devices offline while following the advice in “What is the best practice for enhancing NAS security?”
QNAP NAS users can check their products’ ‘expiry’ date on the Technical Support and Security Updates column for each EOL model at http://www.qnap.com/go/product/status.