Recent QNAP and Synology Security Alerts: How to Protect Your NAS

Post Syndicated from Jeremy Milk original https://www.backblaze.com/blog/recent-qnap-and-synology-security-alerts-how-to-protect-your-nas/

Editor’s Note: This post has been updated since it was originally published on January 18, 2022 to reflect the most recent security alerts from NAS manufacturers.

If you use a NAS device for your business or home network, chances are one of the likely reasons you invested in NAS in the first place was to achieve a greater level of data redundancy and protection. You’re deliberate about the care and protection of your data. Unfortunately, ransomware operators have been ramping up attacks on NAS devices over the past year, especially in the past few weeks, which could mean you’re facing more risk.

Integrated Backblaze partners QNAP and Synology have smartly issued alerts and offered new guidance to help users better protect their data from these attacks. QNAP’s recent alerts urged users to take immediate action to ensure the security of their devices.

Trending
Three Weird 90s Computer Mice: Burgers, Corvettes, and Chaos

Since many of you use Backblaze B2 Cloud Storage to back up or build from your NAS devices, this post outlines the recent alerts, the nature of the attacks, and the steps you can take to protect your data.

Recent Alerts

How Cybercriminals Attack Your NAS

Attackers will typically exploit known vulnerabilities and may use brute force attacks where they try passwords until they gain access so they can plant ransomware software on NAS devices. In August of 2021, Palo Alto Networks, a security research firm, identified a variant of eCh0raix ransomware that targets Synology and QNAP NAS devices.

QNAP’s January 7 alert didn’t specify the ransomware strain involved in the attacks they’re seeing, but if they’re not using eCh0raix, they’re likely using something similar.

QNAP’s January 26 alert identified a new type of ransomware named DeadBolt. DeadBolt has been widely targeting all NAS exposed to the internet without any protection and encrypting users’ data for Bitcoin ransom.

What You Can Do

Even conscientious NAS users may occasionally miss the latest security updates and patches, leaving devices vulnerable. And cybercriminals exploit these vulnerabilities.

Here are a few immediate steps you can take to protect your data:

  1. Sign up for security alerts from your device manufacturer, and apply the latest security patches as soon as possible. For the latest security updates, check the QNAP Security Advisories page and Synology Product Security Advisory page regularly.
  2. Use best practices when it comes to passwords to make brute-force attacks more of a challenge for attackers, including changing passwords regularly and using complex passwords.
  3. Prevent network attacks by limiting device connections to a hard-coded list of IP addresses.

QNAP-specific Prevention

QNAP issued specific instructions on both January 7 and January 26 urging all users to disconnect their devices from the internet immediately. They recommend the following steps:

First, check whether your NAS is exposed to the internet. Open the Security Counselor on your QNAP NAS. Your NAS is exposed to the internet and at high risk if it shows the system administration service can be directly accessible from an external IP address via the following protocols: HTTP on the dashboard.

Source: QNAP.

Note: QNAP recommended users check here to know which ports are exposed to the internet.

If your NAS is exposed to the internet, QNAP recommends the following steps:

  1. Disable the port forwarding function of the router.

    2. Go to the management interface of your router, check the virtual server, NAT, or port forwarding settings, and disable the port forwarding setting of the NAS management service port (port 8080 and 433 by default).

    Source: QNAP.
  2. Disable the UPnP function of the QNAP NAS.

    3. Go to myQNAPcloud on the QTS menu, click Auto Router Configuration, and deselect Enable UPnP Port forwarding.

    Source: QNAP.

Synology-recommended Prevention

Synology provides users with a number of resources to help them increase the security of their NAS devices. To keep your Synology data secured, check out their knowledge base article on how to add extra security to your NAS or their blog post outlining “10 Security Tips to Keep Your Data Safe.”

Following security best practices, they recommend using complex passwords, setting expiration dates for passwords, and being very cautious with public ports. They also recommend enabling Security Advisor. Security Advisor is a built-in DiskStation Manager (DSM) app that scans your Synology NAS, checks your DSM settings, and gives you advice on how to address security weaknesses.

Protect Your Data With NAS Backups

Keeping your device up to date on security patches and updates and closely monitoring alerts from your device manufacturer will go a long way toward protecting your data. For the latest security updates, check the QNAP Security Advisories page and Synology Product Security Advisory page regularly. However, if you are operating without a backup, you’re at risk of data loss. Data recovery is much easier with a backup copy of your data saved in cloud storage.

Your vigilance plus a strong backup system could make all the difference in the event of a ransomware attack. Learn more by downloading our Complete Guide to Ransomware.

The post Recent QNAP and Synology Security Alerts: How to Protect Your NAS appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.