13.08.2021

Synology NAS Devices Are Attacked with StealthWorker Botnet – Password Security as Protection

With the help of a botnet (a network of several computers whose programs automatically and independently perform certain tasks), Synology NAS devices are currently being attacked. The botnet tries to guess passwords and install malware. Password security is crucial in defending against this attack.

What happened?

On August 9, security researchers at Taiwan’s Synology warned customers that the so-called “StealthWorker” botnet was targeting their data storage products, known as network-attached storage (NAS) devices. The attackers use a brute force attack to gain access to the targeted devices and encrypt them.

What are the risks to my business from attacking Synology products?

The current attack is a brute force attack. Such attacks are usually based on guessing login data: the attackers use a list of known, common passwords, and a piece of software tries every password in that list. When the list is exhausted or one of the attempts succeeds, the botnet moves on to another account. Synology’s security researchers have confirmed that they do not believe the ongoing attack is related to an existing vulnerability in their products; rather, it is an indiscriminate attack. The attack is allegedly carried out by the “StealthWorker” botnet, which first appeared in 2019, when it targeted CMS e-commerce businesses. Synology issued a statement saying that it is working with several CERTs from around the world to take down the botnet.

  1. For IT administrators: isolate affected systems into a “vulnerable VLAN” (Virtual Local Area Network).
  2. Watch out for unauthorized configuration changes on all systems.
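The guessing pattern described above (many failed logins from one source, moving from account to account) is exactly what an auto-block rule on the NAS looks for: N failures from the same address within M minutes. The following Python script is an added example, not Synology’s code; the log lines and their syslog-like format are constructed for illustration and do not match the real DSM log format. It reports which source addresses would trip a five-failures-in-ten-minutes rule and how many different accounts each source tried.

```python
"""Spot password-guessing bursts in NAS login logs (added example).

Assumption: each log line has the constructed form
    <ISO timestamp> login <failed|succeeded> user=<name> from=<ip>
Real NAS log formats differ; adapt LINE_RE to your device's export.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one address hammers several accounts within seconds,
# while a legitimate user mistypes a password twice, 15 minutes apart.
SAMPLE_LOG = """\
2021-08-09T10:00:01 login failed user=admin from=203.0.113.7
2021-08-09T10:00:02 login failed user=admin from=203.0.113.7
2021-08-09T10:00:03 login failed user=admin from=203.0.113.7
2021-08-09T10:00:04 login failed user=admin from=203.0.113.7
2021-08-09T10:00:05 login failed user=admin from=203.0.113.7
2021-08-09T10:00:06 login failed user=backup from=203.0.113.7
2021-08-09T10:00:30 login succeeded user=alice from=192.0.2.10
2021-08-09T10:05:00 login failed user=alice from=192.0.2.10
2021-08-09T10:20:00 login failed user=alice from=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>failed|succeeded) "
    r"user=(?P<user>\S+) from=(?P<ip>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we don't understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def find_bursts(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: time_of_block} for sources that reach `threshold` failed
    logins inside a sliding `window`, i.e. the condition an auto-block rule
    on the NAS would react to. A source is reported once, at the failure
    that crossed the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    blocked = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "failed":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        # Drop failures that fell out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in blocked:
            blocked[ev["ip"]] = ev["ts"]
    return blocked


def targeted_accounts(log_text):
    """Return {ip: sorted list of account names} for failed logins.
    One source failing against many accounts is the 'move to the next
    account' behaviour of a password-guessing botnet."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None and ev["result"] == "failed":
            seen[ev["ip"]].add(ev["user"])
    return {ip: sorted(users) for ip, users in seen.items()}


if __name__ == "__main__":
    for ip, when in find_bursts(SAMPLE_LOG).items():
        print(f"{ip} would be auto-blocked at {when.isoformat()}")
    for ip, users in targeted_accounts(SAMPLE_LOG).items():
        print(f"{ip} tried accounts: {', '.join(users)}")
```

Tune `threshold` and `window` to match the auto-block settings on the device; the legitimate user with two failures a quarter of an hour apart is never reported, while the guessing source is flagged on its fifth failure.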

What can I do?

If you own a Synology NAS device, follow the steps below:

  1. Check your password security. Review your login details and make sure that your password is not used for other accounts, is unique and sufficiently complex. You can also consider using a password manager.
  2. Turn on auto-lock and account protection. You can find step-by-step instructions here.
  3. If possible, add 2-factor authentication to your account. This solution informs you as soon as someone unexpectedly tries to log in and verifies your identity in another way, e.g. via SMS.
  4. Synology has issued an additional protection instruction, which is available here.
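Step 1 asks for passwords that are unique, not reused across accounts and not on the common-password lists that guessing software works from. The following Python script is an added example, not Synology’s or Perseus’ code; `COMMON_PASSWORDS` is a small constructed stand-in for the large wordlists used in such attacks, and `ACCOUNTS` is constructed sample data. It flags short or low-variety passwords, strips the usual trailing digits and symbol substitutions before comparing against the common list, and reports which accounts share a password.

```python
"""Offline password-hygiene checks for NAS accounts (added example).

Assumptions: COMMON_PASSWORDS is a constructed, tiny stand-in for a real
wordlist; ACCOUNTS is constructed sample data. Run against your own
inventory by replacing ACCOUNTS.
"""
import hashlib
import string

COMMON_PASSWORDS = {
    "password", "123456", "admin", "synology", "qwerty", "letmein", "welcome",
}

# Undo the usual "leet" substitutions so P@ssw0rd compares as password.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "5": "s", "$": "s"})


def normalize(pw):
    """Strip trailing digits/exclamation marks and leet substitutions, since
    guessing lists cover those variants of a base word too."""
    return pw.rstrip("0123456789!").lower().translate(LEET)


def check_password(pw, min_length=12):
    """Return a list of problems with a single password (empty means OK).
    A long passphrase (16+ chars) is accepted with fewer character classes."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if sum(classes) < 3 and len(pw) < 16:
        problems.append("fewer than 3 character classes")
    if normalize(pw) in COMMON_PASSWORDS:
        problems.append("matches a common password")
    return problems


def find_reuse(accounts):
    """Group account names that share a password, comparing SHA-256
    fingerprints so plaintexts are not kept in the grouping structure.
    Returns a list of sorted name lists, one per reused password."""
    by_fingerprint = {}
    for name, pw in accounts.items():
        fp = hashlib.sha256(pw.encode("utf-8")).hexdigest()
        by_fingerprint.setdefault(fp, []).append(name)
    return sorted(sorted(names) for names in by_fingerprint.values() if len(names) > 1)


# Constructed sample inventory.
ACCOUNTS = {
    "admin": "P@ssw0rd1!",
    "backup": "P@ssw0rd1!",
    "alice": "correct horse battery staple",
}

if __name__ == "__main__":
    for name, pw in ACCOUNTS.items():
        problems = check_password(pw)
        print(f"{name}: {', '.join(problems) if problems else 'ok'}")
    for group in find_reuse(ACCOUNTS):
        print(f"password shared by: {', '.join(group)}")
```

The trailing-digit and substitution normalisation matters because guessing lists contain those variants of a base word; a password that only survives the check before normalisation offers little protection.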


If you are having trouble finding the right solution for your device and you are a Perseus customer, please contact us.