QNAP takes down server behind widespread brute-force attacks

QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital Ocean, took down the command-and-control server within two days. "The QNAP Product Security Incident Response Team swiftly took action by successfully blocking hundreds of zombie network IPs through QuFirewall within 7 hours, effectively protecting numerous internet-exposed QNAP NAS devices from further attack," the company said. "Within 48 hours, they also successfully identified the source C&C server and, in collaboration with the cloud service provider Digital Ocean, took measures to block this C&C server, preventing the situation from escalating further." QNAP urges its customers to secure their devices by changing the default access port number, deactivating port forwarding on their routers and UPnP on the NAS, using robust passwords for their accounts, implementing password policies, and deactivating the admin account targeted in attacks. "This attack occurred over the weekend, and QNAP promptly identified it through cloud technology, quickly pinpointing the source of the attack and blocking it," said Stanley Huang, the head of QNAP PSIRT, last week. "This not only assisted QNAP NAS users in avoiding harm but also protected other storage users from being affected by this wave of attacks." The company regularly warns its customers to be cautious of brute-force attacks against QNAP NAS devices that are exposed online, as these attacks frequently result in ransomware attacks [1, 2, 3]. Cybercriminals frequently target NAS devices, aiming to steal or encrypt valuable documents or install information-stealing malware. These devices are often used for backing up and sharing sensitive files, making them valuable targets for malicious actors. Recent attacks targeting QNAP devices include DeadBolt, Checkmate, and eCh0raix ransomware campaigns abusing security vulnerabilities to encrypt data on Internet-exposed NAS devices. Synology, another Taiwanese NAS maker, also warned customers in August 2021 that their network-attached storage devices were being targeted by the StealthWorker botnet in ongoing brute-force attacks that could lead to ransomware infections. Can we fix the weaknesses in password-based authentication? Cisco warns of VPN zero-day exploited by ransomware gangs.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to QNAP takes down server behind widespread brute-force attacks

QNAP takes down server behind widespread brute-force attacks - QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital ...
1 year ago Bleepingcomputer.com
Over 29,000 QNAP devices vulnerable to code injection attacks - Tens of thousands of QNAP network-attached storage devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability to inject malicious ...
1 year ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
What Is a Brute Force Attack? - A brute force attack is a type of cyber-attack that criminals use, in order to gain access to a computer system or the private data stored within. This type of attack involves a hacker attempting to guess information, such as passwords or access ...
1 year ago Heimdalsecurity.com
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Taiwan-based QNAP Systems on Friday announced patches for a dozen vulnerabilities across its product portfolio, including high-severity flaws in its operating system. The bug affects QTS versions 5.1.x and QuTS hero versions h5.1.x and was resolved ...
11 months ago Securityweek.com
QNAP Devices Unpatched Against Critical Flaw: Over 29,000 Vulnerable - Tens of thousands of QNAP network-attached storage devices are exposed online and unpatched against a critical security flaw. Remote threat actors can exploit this SQL injection vulnerability to inject malicious code in attacks targeting ...
1 year ago Bleepingcomputer.com
QNAP Patches Critical Security Vulnerability that Allows Remote Code Injection - QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability that potentially allows remote attackers to inject malicious code on QNAP NAS devices. This vulnerability is tracked as CVE-2022-27596 and ...
1 year ago Bleepingcomputer.com
QNAP Alerts of a Vulnerability that Could Lead to Deadbolt Ransomware Attacks - QNAP, a data-storage hardware vendor, has issued a warning to customers to update their devices due to the discovery of a vulnerability that could leave thousands exposed to attacks. The vulnerability, known as CVE-2022-27596, affects QNAP devices ...
1 year ago Therecord.media
30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability - Attack surface management firm Censys has identified roughly 30,000 internet-exposed QNAP network-attached storage appliances that are likely affected by a recently disclosed critical-severity code injection vulnerability. Tracked as CVE-2022-27596, ...
1 year ago Securityweek.com
Multiple QNAP Severity Flaw Let Attackers Execute Remote Code - QNAP has released multiple security advisories for addressing several high, medium, and low-severity vulnerabilities in multiple products, including QTS, QuTS hero, Netatalk, Video Station, QuMagie, and QcalAgent. QNAP has also stated all the ...
11 months ago Gbhackers.com
Hackers Actively Exploiting Vulnerability to Deploy Mirai Malware - Hackers exploit QNAP devices because they often have known vulnerabilities or misconfigurations that can be exploited for unauthorized access. QNAP devices store valuable data, which makes them lucrative targets for threat actors seeking to:-. NVR is ...
1 year ago Cybersecuritynews.com
CVE-2023-48764 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks.This issue affects WordPress Brute Force Protection ...
1 year ago Tenable.com
Should You Shut Down Your Computer Every Night? - Although PCs benefit from an occasional reboot, it's not necessary to turn off your computer every night. The decision to let your computer sleep vs. shut down depends on considerations such as the device's age, your usage habits, and whether you ...
10 months ago Pandasecurity.com
The biggest cybersecurity and cyberattack stories of 2023 - Genetic testing provider 23andMe suffered credential stuffing attacks that led to a major data breach, exposing the data of 6.9 million users. The company states that the attackers only breached a small number of accounts during the ...
11 months ago Bleepingcomputer.com
CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild - The US cybersecurity agency CISA on Thursday released industrial control system advisories for vulnerabilities affecting Future X Communications routers and QNAP network video recorder devices, and warned organizations that they have been exploited ...
11 months ago Securityweek.com
American Family Insurance confirms cyberattack is behind IT outages - Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week. American Family Insurance is an insurance company focusing on commercial and ...
1 year ago Bleepingcomputer.com
CVE-2021-28806 - A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build ...
3 years ago
CVE-2021-28800 - A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. ...
3 years ago
Ransomware Attacks in November Rise 67% From 2022 - Global levels of ransomware attacks rose 30% in November, with a total of 442 attacks, following a lower volume of attacks in October according to NCC Group's November Threat Pulse. As the third most active month of the year, ransomware levels in ...
1 year ago Darkreading.com
The old, not the new: Basic security issues still biggest threat to enterprises - Attacks on critical infrastructure reveal industry faux pas. Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure. X-Force analysis ...
9 months ago Helpnetsecurity.com
Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention - Organizations can't ignore the surge in malicious web links. Cybercriminals turn to ready-made bots for quick attacks. Bots and human fraud farms were responsible for billions of attacks in the H1 of 2023 and into Q3, according to Arkose Labs. These ...
11 months ago Helpnetsecurity.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
11 months ago Blog.checkpoint.com
What is a dictionary attack? - A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password. A dictionary attack can also be used in an attempt to ...
10 months ago Techtarget.com
CDK Global says all dealers will be back online by Thursday - CDK Global says that its dealer management system, impacted by a massive IT outage following a June 18th ransomware attack, will be back online by Thursday for all car dealerships. The company is also working on restoring access to other affected ...
5 months ago Bleepingcomputer.com
Geopolitical tensions escalate OT cyber attacks - In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology cyber attacks and their 2024 Threat Report. He examines how global geopolitical tensions and evolving ransomware ...
8 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)