QNAP has issued a new advisory urging users of its
network-attached storage (NAS) devices to upgrade to the latest
version of Photo Station[1]
following yet another wave of DeadBolt ransomware attacks[2] in the wild by
exploiting a zero-day flaw in the software.
The Taiwanese company said[3]
it detected the attacks on September 3 and that “the campaign
appears to target QNAP NAS devices running Photo Station with
internet exposure.”
The issue has been addressed in the following versions –
- QTS 5.0.1: Photo Station 6.1.2 and later
- QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
- QTS 4.3.6: Photo Station 5.7.18 and later
- QTS 4.3.3: Photo Station 5.4.15 and later
- QTS 4.2.6: Photo Station 5.2.14 and later
Details of the flaw remain unclear at the moment, with the
company advising users to disable port forwarding on the routers,
prevent NAS devices from being accessible on the Internet, upgrade
NAS firmware, apply strong passwords for user accounts, and take
regular backups to prevent data loss.
The latest development marks the fourth round of DeadBolt
attacks aimed at QNAP appliances since January 2022[4], followed by similar
incursions in May[5]
and June[6].
“QNAP NAS should not be directly connected to the Internet,” the
company said[7]. “We recommend users to
make use of the myQNAPcloud Link feature provided by QNAP, or
enable the VPN service. This can effectively harden the NAS and
decrease the chance of being attacked.”
References
- ^
Photo
Station (www.qnap.com) - ^
DeadBolt
ransomware attacks (thehackernews.com) - ^
said
(www.qnap.com) - ^
January
2022 (thehackernews.com) - ^
May
(thehackernews.com) - ^
June
(thehackernews.com) - ^
said
(www.qnap.com)
Read more https://thehackernews.com/2022/09/qnap-warns-of-new-deadbolt-ransomware.html