Unpatched NAS Devices Used To Mine Bitcoin. In late 2020, QNAP discovered a pair of critical security vulnerabilities that would allow hackers to take remote control over network-attached storage devices (NAS). In this particular instance, the hackers chose not to encrypt files and demand payment or cause other mayhem. Instead, they made slaves of the devices and put them to work mining Bitcoin on their behalf, quietly creating little profit centers for themselves, scattered all over the web.
According to industry statistics, the company patched the vulnerabilities before the end of 2020, but there are still millions of unpatched NAS devices out there. Security researchers at 360 Netlab found evidence of crypto mining software on unpatched QNAP devices as late as March 3 of this year (2021).
If you have a QNAP and you’re noticing degraded or disappointing performance recently, it pays to check to see when your last updates for your firmware. As an added security measure, change the passwords for all accounts on the device as well.
While you’re conducting your review, if you spot an account associated with the device you do not recognize, remove it. If you haven’t done so already, set up an access control list for the device by going to the Control Panel, clicking on “Security,” and establishing security levels as appropriate.
360 Netlab did an exhaustive search and discovering just over four million NAS devices that had yet to have patches and were thus vulnerable to this kind of attack. It pays to make sure that you don’t own one of the remaining vulnerable ones. If you do, it’s not a question of if you will see attacks and your drive put to work in the service of others, but when. Download the latest firmware and install today if you haven’t done so already.