Synology warns of malware infecting NAS devices with ransomware (Bruteforce)

[phaZed]

Looks like some Synology devices are being targeted for brute force attacks. Check your passwords!

Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks that lead to ransomware infections.

Otherwise, pretty obvious stuff as far as mitigation goes:

The company advised users to go through the following checklist to defend their NAS devices against attacks:

• Use a complex and strong password, and Apply password strength rules to all users.
• Create a new account in the administrator group and disable the system default "admin" account.
• Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
• Run Security Advisor to make sure there is no weak password in the system.

"To ensure the security of your Synology NAS, we strongly recommend you enable Firewall in Control Panel and only allow public ports for services when necessary, and enable 2-step verification to prevent unauthorized login attempts," the company added.

"You may also want to enable Snapshot to keep your NAS immune to encryption-based ransomware."

Synology provides more information on defending your NAS device against ransomware infections here.

Synology warns of malware infecting NAS devices with ransomware

Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks.

www.bleepingcomputer.com

 

[Sky-Knight]

First, if you own one of these devices with any of the cloud integrated feature enabled... you're foolish.
Second, if you own one of these devices and it's not connected to a smart switch and isolated onto its own VLAN... you're a near complete idiot.
Third, if you own one of these devices and you don't have a decent password on it while maintaining current firmware releases... you're irredeemably stupid.

If you're not all of these things, you can enjoy a NAS that has some seriously magical ability. The things you can get away with on the cheap with these magical boxes and M365... so nice. Universal file versioning? No per agent archival of the complete tenant? Seriously... magic.