Synology NAS devices are being hacked to target Linux systems

Botnet
(Image credit: Shutterstock / BeeBright)

Synology (opens in new tab), the Taiwan-based maker of network-attached storage (NAS) (opens in new tab) devices, has put out a security advisory warning customers of an increase in brute-force attacks on its devices.

Sharing their observations, the hardware vendor’s Product Security Incident Response Team (PSIRT) says that it appears the attacks are orchestrated by the StealthWorker botnet.

Furthermore, the PSIRT adds that the attacks don’t seem to exploit any software vulnerabilities running on the NAS, and appear to be purely brute force in nature.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window (opens in new tab) <<

“These attacks leverage a number of already infected devices to try and guess common administrative credentials, and if successful, will access the system to install its malicious payload, which may include ransomware. Devices infected may carry out additional attacks on other Linux (opens in new tab) based devices, including Synology NAS,” shares Synology (opens in new tab) through their advisory.

Double-check those passwords

Internet-connected NAS devices are always in the crosshairs of threat actors. Qnap (opens in new tab), another popular Taiwanese NAS vendor, bore the brunt (opens in new tab) of the malicious campaigns that have targeted the devices for everything from deploying ransomware to mining cryptocurrency (opens in new tab).

To ward off the current attack, Synology is advising its users to ensure that the devices have strong administrative credentials. Additionally, Synology users should enable the auto block and account protection features on their NAS devices, and enable multi-step authentication to add another layer of security in addition to the passwords (opens in new tab).

Synology, for its part, is working with “relevant” computer emergency response teams (CERT) to disable the known command and control (C2) servers that power the StealthWorker malware.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.