Synology investigates ongoing botnet attack


NAS devices in general are attacked 24/7: bots and similar automated tools continuously target them. In this case, however, it is a “massive attack through a botnet network directed at Synology NAS”.

Let’s see what Synology reported, whether there are any dangers, and what we can do to secure the NAS.

There have been several attacks directed against NAS devices in the past, such as the many attacks on QNAP NAS.

Attack with StealthWorker

Synology’s Product Security Incident Response Team identified an attack by a botnet carrying the malware “StealthWorker”. There are currently no cases of NAS vulnerabilities being exploited.

Currently, it appears that the botnet uses already-infected devices to try the administrative credentials present by default. If it manages to log in, it loads the malicious payload, including ransomware.

The attack also affects Linux-based NAS devices.

Synology is working with the support of some national CERTs to try to locate the C&C servers behind the botnet.

Let’s see some tips for securing the NAS.

How to secure the NAS

Here are some points to apply in order to secure the NAS:

  • the first thing to do is to disable the administrator account that is active by default
  • divide access privileges by creating groups and setting storage quotas
  • enforce password strength and complexity from Control Panel > Users and groups > Advanced > Password settings
  • from the same path, also set password expiration
  • enable two-factor authentication from Options > Personal > Accounts
  • limit the number of connection attempts per IP address from Control Panel > Security > Accounts
  • open only the ports strictly necessary for remote access
  • enable DDoS protection from Control Panel > Security > Security > Enable DoS Protection
  • change the ports used by default for access; the default ports are:
    • HTTP: 5000
    • HTTPS: 5001
    • SSH: 22
  • you can do this from Control Panel > Terminal and SNMP > Terminal > Default SSH Ports
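
The following Python code is an added example, not part of the original article and not Synology's code. It applies two of the points above to a constructed login log: the per-IP limit on failed attempts, and a review of successful logins to the default administrator account. The log format, the sample entries and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not DSM's own), oldest first:
# "<ISO timestamp> <source IP> <account> <OK|FAIL>"
SAMPLE_LOG = """\
2021-08-10T02:14:01 203.0.113.50 admin FAIL
2021-08-10T02:14:09 203.0.113.50 admin FAIL
2021-08-10T02:14:17 203.0.113.50 root FAIL
2021-08-10T02:14:25 203.0.113.50 admin FAIL
2021-08-10T02:14:33 203.0.113.50 admin FAIL
2021-08-10T02:20:00 198.51.100.23 backup FAIL
2021-08-10T02:40:00 198.51.100.23 backup FAIL
2021-08-10T03:00:00 198.51.100.23 backup OK
2021-08-10T03:05:11 192.0.2.77 admin OK
"""

def parse(log_text):
    """Yield (time, ip, account, result) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        yield when, parts[1], parts[2], parts[3]

def ips_to_block(log_text, max_attempts=5, window_minutes=5):
    """Map each IP to the time its failures reached max_attempts in the window."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for when, ip, _account, result in parse(log_text):
        if result != "FAIL" or ip in blocked:
            continue
        failures = recent[ip]
        failures.append(when)
        while when - failures[0] > window:  # drop failures older than the window
            failures.popleft()
        if len(failures) >= max_attempts:
            blocked[ip] = when
    return blocked

def default_account_logins(log_text, accounts=("admin",)):
    """Successful logins to default-named accounts, which should be disabled."""
    return [(when, ip) for when, ip, account, result in parse(log_text)
            if result == "OK" and account in accounts]
```

With the default threshold, only the address that fails five times within the window is blocked; the slower source stays under the limit, which is why disabling the default account and using strong passwords still matter alongside the attempt limit.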

And have you noticed any issues with your Synology server? It is essential to apply the security rules suggested above, or at least half of them, in order to “secure” the home or company NAS.
