1 min read

Synology NAS Devices Targeted in Large-Scale Brute-Force Attack

Silviu STAHIE

August 10, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Synology NAS Devices Targeted in Large-Scale Brute-Force Attack

Synology has identified an attack campaign against its network-attached storage (NAS) devices, spearheaded by a malware named StealthWorker trying to compromise devices by logging in using common credentials.

NAS devices are prized targets, and attackers are always looking for ways to compromise them. Sometimes they use vulnerabilities, but they can be more direct at times. In the current wave of attacks, attackers try to log in using weak or common credentials. Once they're in, they deploy malicious payloads, such as ransomware.

"Synology's security researchers believe the botnet is primarily driven by a malware family called StealthWorker," saidthe company. "At present, Synology PSIRT has seen no indication of the malware exploiting any software vulnerabilities."

The attack is an automated process driven by a botnet. Compromised devices will try to carry out additional attacks against other Linux devices, including other Synology NAS.

"Synology PSIRT is working with relevant CERT organizations to find out more about and shut down known C&C (command and control) servers behind the malware. Synology is simultaneously notifying potentially affected customers," the company also said.

Since this attack doesn’t leverage any particular vulnerability, users have been advised to change their credentials if they are weak. Synology NAS also allows users to auto-block IPs after a number of unsuccessful login attempts. Of course, it's also essential to set up multi-step authentication as soon as possible so that, even if attackers somehow get ahold of valid credentials, they encounter another layer of security. Closing unnecessary ports that are not in use is also advisable.

NAS devices usually hold valuable information, like backups or private data. They are among the most-attacked IoT devices out there, and criminals always look for new ways to compromise them.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

"Fake crypto millionaire" charged with alleged $1.7M cryptomining scam "Fake crypto millionaire" charged with alleged $1.7M cryptomining scam
Graham CLULEY

September 23, 2022

2 min read
Attackers Used OAuth Apps to Control Exchange Servers and Spread Spam Attackers Used OAuth Apps to Control Exchange Servers and Spread Spam
Vlad CONSTANTINESCU

September 23, 2022

2 min read
Disgruntled Developer Leaks LockBit Ransomware Builder Online Disgruntled Developer Leaks LockBit Ransomware Builder Online
Vlad CONSTANTINESCU

September 22, 2022

2 min read