Skip to main content

Synology NAS devices are being hacked to target Linux systems

Botnet
(Image credit: Shutterstock / BeeBright)

Synology, the Taiwan-based maker of network-attached storage (NAS) devices, has put out a security advisory warning customers of an increase in brute-force attacks on its devices.

Sharing their observations, the hardware vendor’s Product Security Incident Response Team (PSIRT) says that it appears the attacks are orchestrated by the StealthWorker botnet.

Furthermore, the PSIRT adds that the attacks don’t seem to exploit any software vulnerabilities running on the NAS, and appear to be purely brute force in nature.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“These attacks leverage a number of already infected devices to try and guess common administrative credentials, and if successful, will access the system to install its malicious payload, which may include ransomware. Devices infected may carry out additional attacks on other Linux based devices, including Synology NAS,” shares Synology through their advisory.

Double-check those passwords

Internet-connected NAS devices are always in the crosshairs of threat actors. Qnap, another popular Taiwanese NAS vendor, bore the brunt of the malicious campaigns that have targeted the devices for everything from deploying ransomware to mining cryptocurrency.

To ward off the current attack, Synology is advising its users to ensure that the devices have strong administrative credentials. Additionally, Synology users should enable the auto block and account protection features on their NAS devices, and enable multi-step authentication to add another layer of security in addition to the passwords.

Synology, for its part, is working with “relevant” computer emergency response teams (CERT) to disable the known command and control (C2) servers that power the StealthWorker malware.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.