If you have a QNAP network-attached storage drive, you need to go and patch it now. Earlier in March 2020, security researchers at Qihoo's 360 Netlab identified a vulnerability in QNAP NAS devices under active exploitation.
Patch Your QNAP NAS
Attackers are attempting to take control of QNAP NAS hardware to install cryptocurrency mining malware, which mines cryptocurrency on behalf of the attacker.
The research team at 360 Netlab believes there are over 4 million vulnerable QNAP NAS devices online with over 950,000 unique IP addresses, all mapped using Qihoo's Quake mapping system.
The vulnerability relates to two remote command execution vulnerabilities,
CVE-2020-2506
and
CVE-2020-2507
, which, when exploited, allows the attacker to gain root privilege on the compromised NAS. Once an attacker has root access, they can do almost what they want on the machine.
Although the vulnerabilities are serious, the research team has not made its exploit proof-of-concept public nor released any technical details relating to the vulnerabilities, giving affected QNAP users time to patch their hardware.
Any QNAP NAS device with firmware
installed before August 2020
is currently vulnerable to the exploit, covering around 100 different versions of QNAP's NAS firmware. The
Qihoo 360 Netlab blog post
details the crypto-mining malware in more detail, including every firmware version currently affected.
Related:
The Best NAS for Home Media Servers and Shared Storage
QNAP NAS users should head to the
QNAP patch page
, download the latest patches, and install them as soon as possible. While QNAP hasn't yet made a direct response to Qihoo's revelations regarding the vulnerability, this is the most recent patch available for the hardware.
QNAP NAS Boxes Previously Targeted
This isn't the first time QNAP's NAS hardware has been targeted.
In December 2020, QNAP issued a warning regarding two high-severity cross-site scripting bugs that allowed an attacker remote access. Before that, in September 2020, QNAP users were hit by the AgeLocker ransomware, which infected thousands of publicly exposed QNAP NAS devices.
Related:
FreeNAS vs. OpenMediaVault vs. Amahi: What's the Best DIY NAS?
Yet another ransomware variant also specifically targeted QNAP NAS devices, too, the big giveaway being the name: QNAPCrypt. That said, the QNAPCrypt ransomware also targeted other NAS providers, such as Synology, Seagate, and Netgear.
For the time being, QNAP users should head to the previously linked patch page and follow the instructions to protect online devices.
Share
Share
Tweet
The 7 Best NAS Hard Drives
If you're looking to invest in network attached storage, you'll need a NAS hard drive. We're rounded up the best NAS hard drives to get you started.
Read Next
Related Topics
Security
Tech News
NAS
Malware
About The Author
Gavin Phillips
(926 Articles Published)
Gavin is the Junior Editor for Windows and Technology Explained, a regular contributor to the Really Useful Podcast, and a regular product reviewer. He has a BA (Hons) Contemporary Writing with Digital Art Practices pillaged from the hills of Devon, as well as over a decade of professional writing experience. He enjoys copious amounts of tea, board games, and football.
More From Gavin Phillips
Subscribe to our newsletter
Join our newsletter for tech tips, reviews, free ebooks, and exclusive deals!
Click here to subscribe