News Hackers Exploit QNAP Vulnerabilities to Turn NAS Devices Into Crypto Miners

USAFRet

Titan
Moderator
Mar 16, 2013
142,712
8,278
174,690
22,075
@USAFRet I know you have a qnap and might find this information useful.
Thanks.
Easy to mitigate:

  1. Don't have the thing accessible to the outside. Or if you do, push only. No incoming.
  2. Disable the original admin acct. New accounts and strong passwords.
  3. Firmware. QNAP pushes out a new one every 4-6 weeks. If you're still on a firmware version of pre Aug 2020, you're a fool (just like regular Windows/Linux/Apple OS updates)
  4. Disable UPnP
 
Reactions: jakjawagon

Integr8d

Distinguished
May 28, 2011
103
12
18,685
0
This exact same thing happened to Synology like 7 or 8 years ago. You had to ssh in to look at the pids to see if you’d been affected. The activity was hidden from the GUI. Clever stuff. But undoubtedly far more effective back then.
 

ASK THE COMMUNITY

TRENDING THREADS