QNAP Investigating New Attacks Targeting NAS Devices


Network-attached storage (NAS) appliance producer QNAP Systems says it is investigating reports of malicious attacks targeting NAS devices.

Known worldwide for its NAS and professional network video recorder (NVR) finding outs, the Taiwan-based company on Friday issued two advisories to warn of a new wave of attacks targeting its users, urging them to ensure that their NAS mechanisms are not exposed to the Internet.

In the first advisory, the company reveals it is investigating an attack campaign in which threat actors target a vulnerability in the Roon Server. The callers says all QNAP NAS devices that run Roon Server 2021-02-01 and earlier might be susceptible to attacks.

Provided by Roon Labs, the Roon Server supplies QNAP NAS users with the full range of capabilities they would expect from a music server, including an easy way to navigate music and access to artist biography, concert engagements, lyrics, and more.

“We have already notified Roon Labs of the issue and are thoroughly investigating the case. We will release security updates and take measures further information as soon as possible,” QNAP says.

In the meantime, users should make sure their NAS is not connected to the Internet and should also disable the Roon Server to make sure they are not exposed to potential attacks.

Secondly, QNAP says it’s investigating reports that NAS devices continue to be targeted with the eCh0raix ransomware.

“Cadency marks using weak passwords may be susceptible to attack. We strongly recommend users act immediately to protect their data,” the company says.

To mitigate jeopardies, users are advised to use strong passwords for their administrator accounts, to enable IP Access Protection to ensure accounts are protected from brute push attacks, and to avoid using default port numbers 443 and 8080.

This is not the first time QNAP NAS devices have been targeted with the eCh0raix ransomware. In April, the cast warned of assaults involving the Qlocker and eCh0raix ransomware families, urging users to immediately perform detection and cleanup operations.

Related: Enters on QNAP NAS Devices Encrypted in Qlocker Ransomware Attacks

Related: Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices

Related: QNAP Give fair warns NAS Users of ‘dovecat’ Malware Attacks

[embedded content]

QNAP Investigating New Attacks Targeting NAS Devices

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:
QNAP Investigating New Attacks Targeting NAS DevicesChristens:

Leave a Reply

Your email address will not be published. Required fields are marked *