The age-old adage knowledge is power has never rung truer than in today’s digital era where cyber threats lurk around every corner. However, amidst these turbulent times, one company has emerged as a beacon of hope: QNAP (Quality Network Appliances Provider). With their recent accomplishment of eliminating the rogue server responsible for an array of widespread brute-force attacks, they have demonstrated their unwavering commitment to fortifying our network defenses. Embark on this captivating journey where we unravel QNAP’s strategic approach and discover how their triumph promises not only enhanced cybersecurity but also peace of mind for individuals and organizations alike.
QNAP Eliminates Server Responsible for Extensive Brute-force Attacks
QNAP, a Networking hardware company, has effectively taken down a malicious server that was utilized in extensive brute-force attacks targeting Internet-exposed NAS devices.
On October 14, 2023, the company discovered a big wave of weak password attacks. Within 7 hours, the QNAP Product Security Incident Response Team (QNAP PSIRT) successfully blocked hundreds of zombie network IPs using QuFirewall, thereby defending several QNAP NAS devices that were exposed to the internet from further attack.
Additionally, they were able to locate the source C&C (Command & Control) server within 48 hours. QNAP worked with cloud service provider Digital Ocean to take action to shut down this C&C server, preventing the problem from getting worse.
A brute force attack uses trial and error to determine encryption keys, login credentials, or the location of a hidden website. Hackers try every combination in the hopes of making an accurate estimate.
Despite being an older attack strategy, hackers continue to find it to be useful and popular. The term “brute force” refers to attempts by attackers to enter user accounts by employing excessive amounts of force.
Steps to Mitigate the Risks:
In its security guide, QNAP offers comprehensive guidance on how to put protective measures in place.
- Disable the “admin” account. (Refer to page 30)
- Set strong passwords for all user accounts and avoid using weak passwords. (Refer to page 34)
- Update QNAP NAS firmware and apps to the latest versions. (Refer to page 24)
- Install and enable the QuFirewall application. (Refer to page 46)
- Utilize myQNAPcloud Link’s relay service to prevent your NAS from being exposed to the internet. If there are bandwidth requirements or specific applications necessitating port forwarding, you should avoid using the default ports 8080 and 443. (Refer to page 39)
“QNAP strongly recommends that NAS users take immediate cybersecurity measures to mitigate the ever-present risks of security attacks,” QNAP said. In general, all networking devices have been often targeted by ransomware and brute-force attacks. Even though all network storage devices are equally exposed, internet-facing NAS devices are more vulnerable.
“Network security is of critical importance, requiring constant vigilance and 24/7 year-round management, detection, and response,” said Stanley Huang, the Manager of QNAP’s Product Security Incident Response Team.
“This attack occurred over the weekend, and QNAP promptly identified it through cloud technology, quickly pinpointing the source of the attack and blocking it. This not only assisted QNAP NAS users in avoiding harm but also protected other storage users from being affected by this wave of attacks.”
Conclusion:
QNAP’s successful elimination of the server responsible for a significant number of brute-force attacks marks a significant achievement in enhancing cybersecurity measures. This accomplishment showcases QNAP’s commitment to ensuring the safety and security of their users’ data and systems. By taking proactive steps to identify and eliminate potential vulnerabilities, QNAP has demonstrated their dedication to staying ahead of cyber threats. Moving forward, it is crucial for other organizations to follow suit and prioritize robust security measures to safeguard against malicious activities. Together, we can create a safer online environment for all users.
