fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

QNAP Warns Users of Bitcoin Miner Targeting their NAS Devices

QNAP Warns Users of Bitcoin Miner Targeting their NAS Devices

QNAP warned customers today of ongoing attacks targeting their NAS (network-attached storage) devices with cryptomining malware, urging them to take measures to protect them immediately

The cryptominer deployed in this campaign on compromised devices will create a new process named [oom_reaper] that will mine for Bitcoin cryptocurrency.

While running, the malware can take up to 50% of all CPU resources and will mimic a kernel process with a PID higher than 1000.

Also Read: Do Not Call Registry Penalty: Important Tips To Consider

“We strongly recommend users to act immediately to protect their device,” QNAP said in a security advisory published today. “If you have any questions regarding this issue, please contact us through the QNAP Helpdesk.”

Customers who suspect their NAS is infected with this bitcoin miner are advised to restart their device, which may remove the malware.

QNAP also recommends customers take the following measures to protect their devices from these attacks:

  1. Update QTS or QuTS hero to the latest version.
  2. Install and update Malware Remover to the latest version.
  3. Use stronger passwords for your administrator and other user accounts.
  4. Update all installed applications to their latest versions.
  5. Do not expose your NAS to the internet, or avoid using default system port numbers 443 and 8080.

You can find detailed information on the steps required for each of the actions above in today’s security advisory.

QNAP NAS devices under siege

NAS devices are an attractive target for attackers, and this is not the first time QNAP systems were targeted by cryptomining malware this year.

In March, researchers at Qihoo 360’s Network Security Research Lab (360 Netlab) revealed that a cryptominer dubbed UnityMiner was hijacking QNAP NAS devices unpatched against two pre-auth remote command execution (RCE) vulnerabilities in the Helpdesk app.

Also Read: Facts About Accountability PDF That You Need to Know About

In January, QNAP users were also urged to defend their devices from a malware campaign that made them unusable after spawning dovecat and dedpma processes that would hog up almost all system resources.

QNAP also notified customers of eCh0raix ransomware (also known as QNAPCrypt) attacks in May (as well as in June 2019 and June 2020). This alert came just two weeks after another warning of an AgeLocker ransomware outbreak.

A massive Qlocker ransomware campaign also started hitting vulnerable QNAP devices beginning mid-April. The attackers made $260,000 in just five days by locking the victims’ data using the 7zip open-source file archiver.

QNAP customers who want to secure their NAS devices from attacks further are advised to follow these best practices.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us