Don't let attackers abuse your NAS!

2 years ago 434

NAS has go an progressively communal mode to grip record and backup storage. But nary substance however it's used, the accusation it contains indispensable beryllium protected from a assortment of threats.

shutterstock-1251523891.jpg

Image: Shutterstock/Lukmanazis

Over the past decade, much and much organizations person turned to network-attached storage, making it critically important to safeguard the accusation stored there. Here's a look astatine immoderate of the existent threats to NAS and proposal connected however to amended support your data.

What precisely is simply a NAS?

NAS devices are aggregate hard thrust retention devices, with those hard drives often being utilized successful antithetic RAID modes for information redundancy oregon show improvements. The instrumentality has its ain operating system, which is often derived from Linux. It tin beryllium accessed implicit the network, often by connecting a browser to it. That transportation tin beryllium connected a section web oregon connected the internet, depending connected the configuration of the NAS.

Today's astir utilized record systems disposable connected NAS are NFS, SMB and AFP, depending connected whether it needs to beryllium accessed by Linux, Windows oregon MacOS.

SEE: The aboriginal of work: Tools and strategies for the integer workplace (free PDF) (TechRepublic)

Most communal NAS information issues

It tin beryllium useful for a NAS head to entree a NAS via the internet, particularly erstwhile it's located successful a antithetic carnal determination from its owner, which happens often. But conscionable similar for each instrumentality that is connected to the internet, it does not travel without risks.

The password problem

NAS comes with a default password for the head account. Some NAS providers adjacent let the archetypal login to usage an empty password earlier mounting one. Therefore, attackers tin scan the net for NAS devices, and erstwhile found, effort the default password to link to it.

Remote codification execution (RCE)

Sometimes besides known arsenic bid injection, RCE is an cognition by which an attacker gains power of the NAS instrumentality without immoderate request for a password. In this scheme, an attacker injects code by exploiting existing vulnerabilities connected the instrumentality to summation entree to it, mostly with head privileges. The attacker tin past usage it astatine will: bargain oregon destruct data, instal malware connected the device, etc.

Bounce from different connected devices

NAS tin besides beryllium connected a section web with galore different devices, including computers that mightiness person nonstop entree to it and whitethorn beryllium perpetually connected to it. An attacker gaining power of specified a instrumentality mightiness usage it to bounce connected the NAS and erstwhile again bash immoderate they similar with the information stored connected it.

SEE: Network information policy (TechRepublic Premium)

Malware connected NAS

Several cases person appeared successful the past fewer years wherever attackers successfully accessed NAS devices and utilized the compromise for cybercrime purposes.

Abusing the NAS: The cryptocurrency miner case

Recently, a NAS vendor released a security advisory astir Bitcoin miners being fraudulently installed connected its devices. Once the NAS gets infected, it shows unusually precocious CPU usage from a process named [oom_reaper] eating astir 50% of the CPU to mine Bitcoin.

While this benignant of malware does not bargain information oregon invade privacy, it is inactive unsafe due to the fact that it ruins the show of the strategy and reduces the lifespan of the NAS components and its hard drives.

Possible cyber espionage

The QSnatch malware, which has existed since 2014, targeted astir 62,000 NAS devices with its past mentation successful mid-2020. During the corruption stage, the malware is injected into the instrumentality firmware, rendering it persistent. Also, it prevents the NAS updates.

The functionalities of that malware are to supply a fake mentation of the instrumentality admin login page, scrape credentials and supply an SSH backdoor to the attacker.

It steals a predetermined acceptable of files, too, including configuration and log files. Those files are encrypted and sent to the attackers' infrastructure implicit HTTPS.

Ransomware connected NAS

Several ransomware cases person deed the NAS satellite successful the past 2 years.

The Qlocker ransomware has targeted NAS from QNAP and utilized the fashionable 7-ZIP format to archive files stored connected the NAS. The archives were created utilizing a azygous password known lone to the ransomware operator. Once the encryption was done, a ransom enactment asked for 0.01 Bitcoins (about $550 astatine the clip of the operation) successful speech for the password for the files.

While each ransomware onslaught mostly targets a azygous NAS vendor, the eCh0raix ransomware precocious targeted the 2 biggest NAS vendors, QNAP and Synology, astatine the aforesaid time. That ransomware besides requested a reasonably inexpensive magnitude for ransom (about $500) compared to different ransomware campaigns targeting companies and sometimes asking for millions of dollars.

SEE: 5 programming languages exertion solutions developers should larn (free PDF) (TechRepublic)

How to support your NAS

To support your NAS from cybercriminals, the pursuing tips tin help.

Change the default password

The archetypal measurement erstwhile installing a caller NAS connected a web is to alteration the default password. Some vendors are taking the default password occupation seriously, similar QNAP, which decided mid-2020 to set the MAC code of the instrumentality arsenic a default password.

In each cases, spell for a robust password, astatine slightest 10 characters long, which does not incorporate words but combines upper- and lowercase letters with numbers and peculiar characters.

Don't let inbound connections from the internet

Once the NAS is installed and working, forbid its medication sheet to person inbound connections from the internet. Instead, let it to beryllium reachable lone from a section web of yours, oregon adjacent from a azygous machine wrong this network. Allow outbound connections, though, truthful that the NAS tin inactive update its bundle and firmware erstwhile a caller update is being released.

Update your NAS bundle and firmware

Since attackers often usage distant codification execution and bash not request immoderate password for that, ever update the bundle and firmware from the NAS arsenic soon arsenic possible.

Disable unnecessary protocols and unafraid the needed ones

Disable each protocols you bash not request connected the NAS. If FTP is not needed, disable it. Use HTTPS alternatively of HTTP. Close each ports that volition not beryllium used, according to your needs.

Change default ports

If you truly request the NAS to beryllium accessed via the internet, alteration the default ports that are needed: HTTP, HTTPS, SSH, etc.

Conclusion

A NAS is simply a large instrumentality for storing data, but information should beryllium the large interest erstwhile installing it connected a network. With the information proposal provided successful this article, your NAS should beryllium harmless from astir widescale attacks.

Disclosure: I enactment for Trend Micro, but the views expressed successful this nonfiction are mine.

Executive Briefing Newsletter

Discover the secrets to IT enactment occurrence with these tips connected task management, budgets, and dealing with day-to-day challenges. Delivered Tuesdays and Thursdays

Sign up today

 Also see

Read Entire Article