Post matching 'GeneralGeneral'

Many people run their NAS (network attached storage) units ‘live’ on the internet in order to access files and data when out of the home or office.  Security researchers have however recently discovered that a number of popular QNAP NAS devices which were live on the internet have been infected with malware which has modified firmware and stolen credentials.

The method of infection isn’t as yet fully understood, however it would appear that only NAS units which are publicly available on the internet have been infected.  Once installed,  the malware prevents the NAS from auto updating itself and also the in-built AV scanning tools from running.  According to Bleeping Computer,  the malware will:

• Operating system timed jobs and scripts are modified (cronjob, init scripts)
• Firmware updates are prevented via overwriting update sources completely
• QNAP MalwareRemover App is prevented from being run
• All usernames and passwords related to the device are retrieved and sent to the C2 server
• The malware has modular capacity to load new features from the C2 servers for further activities
• Call-home activity to the C2 servers is set to run with set intervals

Remediation involved a factory reset of the NAS to ensure that the malware is removed,  however given that process if destructive to data, it’s critical that the NAS is first backed up.  Whilst a manual upgrade of firmware may be possible to an infected device, only a factory reset can guarantee removal of the malware.

There are no posts matching your criteria.

Our Case Studies

Read more about how we help small and large organisations.

Ambitions Academies Trust

A growing Trust with an enviable reputation for success within their Academies required a partner who was able to support that growth and ensure that the ICT infrastructure was fit for not only the present but also the future.  E [...]

Read More

Newcastle United Football Club

Greater demands on the WiFi network used by members of the press, club staff and users of the extensive conferencing and banqueting facilities at St James’ Park required the club to carry out a full refresh of the WiFi network. [...]

Read More

Edinburgh International Conference Centre

The Edinburgh International Conference Centre (EICC) had outgrown its legacy hardware controller-based WLAN which supported a limited number of 802.11n wireless access points. With the need to support 802.11ac data rates, greater [...]

Read More