Qnap Prevents NAS Weak Password Attacks to Ensure User Data Security in Collaboration with Digital Ocean

Qnap Systems, Inc. recently detected a significant wave of weak password attacks.

These attacks targeted NAS exposed to the Internet, conducting intensive weak password attacks. The company detected this activity at 6:42 PM on October 14, 2023.

The Qnap Product Security Incident Response Team (Qnap PSIRT) swiftly took action by successfully blocking hundreds of zombie network IPs through QuFirewall within 7 hours, effectively protecting numerous Internet-exposed Qnap NAS from further attack.

Within 48 hours, the company also identified the source C&C (Command & Control) server and, in collaboration with the cloud service provider Digital Ocean LLC, took measures to block this C&C server, preventing the situation from escalating further.

“Network security is of critical importance, requiring constant vigilance and 24/7 year-round management, detection, and response,” said Stanley Huang, manager, product security incident response team, Qnap. “This attack occurred over the weekend, and Qnap promptly identified it through cloud technology, quickly pinpointing the source of the attack and blocking it. This not only assisted Qnap NAS users in avoiding harm but also protected other storage users from being affected by this wave of attacks.”

Recommendations for users to protect their NAS
The company strongly recommends that NAS users take immediate cybersecurity measures to mitigate the ever-present risks of security attacks.

1. Disable the ‘admin’ account. (Refer to the security manual, page 30)

2. Set strong passwords for all user accounts and avoid using weak passwords. (Refer to the security manual, page 34)

3. Update Qnap NAS firmware and apps to the latest versions. (Refer to the security manual, page 24)

4. Install and enable the QuFirewall application. (Refer to the security manual, page 46)

5. Utilize myQnapcloud Link’s relay service to prevent your NAS from being exposed to the internet. If there are bandwidth requirements or specific applications necessitating port forwarding, you should avoid using the default ports 8080 and 443. (Refer to the security manual, page 39)