Synology Investigates Ongoing Brute-Force Attacks From Botnet
Company’s Product Security Incident Response Team working with relevant CERT organizations to find out more about and shut down known command and control servers behind malware
This is a Press Release edited by StorageNewsletter.com on August 24, 2021 at 1:31 pmSynology, Inc.’ PSIRT (Product Security Incident Response Team) has recently seen and received reports on an increase in brute-force attacks against Synology devices.
The company’s security researchers believe the botnet is primarily driven by a malware family called ‘StealthWorker.’ At present, the firm’s PSIRT has seen no indication of the malware exploiting any software vulnerabilities.
These attacks leverage a number of already infected devices to try and guess common administrative credentials, and if successful, will access the system to install its malicious payload, which may include ransomware. Devices infected may carry out additional attacks on other Linux based devices, including Synology NAS.
The company’s PSIRT is working with relevant CERT organizations to find out more about and shut down known C&C (command and control) servers behind the malware. The firm is simultaneously notifying potentially affected customers.
The company advises all system administrators to examine their systems for weak administrative credentials, to enable auto block and account protection, and set up multi-step authentication where applicable.
System administrators that have found suspicious activity on their devices should reach out to Synology technical support.
Resources:
How to add extra security to your Synology NAS
10 security tips to keep your data safe
Subscribe to our free daily newsletter
