• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
qnap warns of ransomware targeting internet facing nas products

QNAP warns of ransomware targeting internet-facing NAS products

You are here: Home / General Cyber Security News / QNAP warns of ransomware targeting internet-facing NAS products
January 10, 2022

Shutterstock

QNAP customers have been encouraged that cyber attackers are targeting its network-hooked up storage (NAS) merchandise with ransomware and have been encouraged to secure their devices at the earliest prospect.

Ransomware and brute-pressure cyber attacks have been “commonly focusing on” QNAP’s internet-going through NAS items, according to the producer which revealed a goods security statement on Friday. 

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


NAS drives that are uncovered to the internet with no any protection are specially susceptible to the attacks and end users are encouraged to revisit their security settings to be certain products are sufficiently safeguarded.

The scale of attacks is now unclear and QNAP also did not specify what strain of ransomware the attackers are working with, or where the attackers are primarily based. IT Pro has contacted QNAP for extra comment.

Screenshot of QNAP dashboard

QNAP

To examine if a NAS generate is susceptible to the attacks QNAP has observed, customers need to open up the QNAP Security Counselor on their NAS products and solutions. The NAS is at substantial risk if there is an artefact that reads: ‘The Technique Administration services can be specifically available from an exterior IP deal with by means of the adhering to protocols: HTTP’ on the dashboard. QNAP also has a guideline for customers on how to examine which ports on a router are exposed to the internet.

Securing the NAS

Screenshot of router dashboard with instructions on how to disable port forwarding

QNAP

The 1st step to thoroughly secure vulnerable goods from the ongoing attacks is to disable the port forwarding purpose of the router. This can be completed via the administration interface of a user’s router. Users need to check out their configurations and disable the port forwarding environment of NAS administration service port which is established at port 8080 and 433 by default.

Screenshot of QNAP cloud dashboard

QNAP

Users should lastly disable the common plug and engage in (UPnP) perform of their QNAP NAS product in the QTS menu in myQNAPcloud. To do this, end users can navigate to the ‘Auto Route Configuration’ tab in the QTS menu and unselect ‘Enable UPnP Port forwarding’.


Some components of this post are sourced from:
www.itpro.co.uk

Previous Post: «Cyber Security News FlexBooker Reveals Major Customer Data Breach
Next Post: Over Half of SMEs Have Experienced a Cybersecurity Breach Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
  • Top 10 Best Practices for Effective Data Protection
  • Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
  • Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
  • Pen Testing for Compliance Only? It’s Time to Change Your Approach
  • 5 BCDR Essentials for Effective Ransomware Defense
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Copyright © TheCyberSecurity.News, All Rights Reserved.