fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Unpatched QNAP Devices Are Being Hacked To Mine Cryptocurrency

Unpatched QNAP Devices Are Being Hacked To Mine Cryptocurrency

Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency.

The threat actors exploit two pre-auth remote command execution (RCE) vulnerabilities in the Helpdesk app patched by QNAP in October 2020.

Cryptomining malware discovered on NAS devices compromised during this campaign was

named UnityMiner by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab).

“We noticed the attacker customized the program by hiding the mining process and the real CPU memory resource usage information, so when the QNAP users check the system usage via the WEB management interface, they cannot see the abnormal system behavior,” the report says.

360 Netlab informed QNAP of the ongoing cryptomining campaign on March 3rd, one day after noting the attacks.

All NAS devices with QNAP firmware released before August 2020 are currently vulnerable to these attacks.

Also Read: How To Comply With PDPA: A Checklist For Businesses

The researchers discovered 4,297,426 potentially vulnerable QNAP NAS devices online using the company’s 360 Quake cyberspace mapping system.

QNAP devices
Image: 360 Netlab

Even though QNAP hasn’t published an advisory to warn customers of the active attacks, the company urged customers last month to update the Surveillance Station and Helpdesk apps to patch recently discovered security vulnerabilities.

“To ensure the security of their QNAP NAS, users are urged to install their applicable update(s) at the earliest convenience,” QNAP said.

“Alongside these software updates and published security advisories, QNAP has also sent individual notification emails to known Surveillance Station users, to minimize the impact caused by the issue.”

In January, QNAP warned customers of another series of attacks that infect and exploit QNAP NAS devices to mine bitcoin without their knowledge.

That warning came after QNAP a November knowledgebase article explaining that NAS devices running dovecat and dedpma processes are compromised and are running a Bitcoin miner malware.

NAS devices under siege

QNAP’s NAS devices have been under attack for a while now, with customers being warned of QSnatch malware and Muhstik Ransomware infections in September and October 2019.

An eCh0raix Ransomware (aka QNAPCrypt) campaign also targeted QNAP NAS devices with outdated QTS firmware and weak passwords during August 2019.

More recently, in September 2020, QNAP informed customers of a wave of AgeLocker Ransomware attacks on publicly exposed NAS devices.

All QNAP NAS owners should go through the following checklist to secure their NAS and check for malware:

  • Change all passwords for all accounts on the device
  • Remove unknown user accounts from the device
  • Make sure the device firmware is up-to-date and all of the applications are also updated
  • Remove unknown or unused applications from the device
  • Install QNAP MalwareRemover application via the App Center functionality
  • Set an access control list for the device (Control panel -> Security -> Security level)

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

Additional technical details for the UnityMiner cryptomining malware and a list of all firmware releases known to be vulnerable are available in 360 Netlab’s report.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us