Search

QNAP Newsroom

Keep up to date with the latest QNAP news, awards and connect with our team

QNAP Newsroom
Press Release

QNAP, in Collaboration with Digital Ocean, Successfully Prevents NAS Weak Password Attacks to Ensure User Data Security

QNAP, in Collaboration with Digital Ocean, Successfully Prevents NAS Weak Password Attacks to Ensure User Data Security

Taipei, Taiwan, October 19, 2023 - QNAP® Systems, Inc. recently detected a significant wave of weak password attacks. These attacks targeted NAS devices exposed to the internet, conducting intensive weak password attacks. QNAP detected this activity at 6:42 PM on October 14, 2023. The QNAP Product Security Incident Response Team (QNAP PSIRT) swiftly took action by successfully blocking hundreds of zombie network IPs through QuFirewall within 7 hours, effectively protecting numerous internet-exposed QNAP NAS devices from further attack. Within 48 hours, they also successfully identified the source C&C (Command & Control) server and, in collaboration with the cloud service provider Digital Ocean, took measures to block this C&C server, preventing the situation from escalating further.

"Network security is of critical importance, requiring constant vigilance and 24/7 year-round management, detection, and response,” said Stanley Huang, the Manager of QNAP's Product Security Incident Response Team, continued, “This attack occurred over the weekend, and QNAP promptly identified it through cloud technology, quickly pinpointing the source of the attack and blocking it. This not only assisted QNAP NAS users in avoiding harm but also protected other storage users from being affected by this wave of attacks."

Recommendations for users to protect their NAS

QNAP strongly recommends that NAS users take immediate cybersecurity measures to mitigate the ever-present risks of security attacks.

  1. Disable the "admin" account. (Refer to the security manual, page 30)

  2. Set strong passwords for all user accounts and avoid using weak passwords. (Refer to the security manual, page 34)

  3. Update QNAP NAS firmware and apps to the latest versions. (Refer to the security manual, page 24)

  4. Install and enable the QuFirewall application. (Refer to the security manual, page 46)

  5. Utilize myQNAPcloud Link's relay service to prevent your NAS from being exposed to the internet. If there are bandwidth requirements or specific applications necessitating port forwarding, you should avoid using the default ports 8080 and 443. (Refer to the security manual, page 39)

About QNAP

QNAP (Quality Network Appliance Provider) is devoted to providing comprehensive solutions in software development, hardware design and in-house manufacturing. Focusing on storage, networking and smart video innovations, QNAP now introduce a revolutionary Cloud NAS solution that joins our cutting-edge subscription-based software and diversified service channel ecosystem. QNAP envisions NAS as being more than simple storage and has created a cloud-based networking infrastructure for users to host and develop artificial intelligence analysis, edge computing and data integration on their QNAP solutions.

Media inquiries

marketing@qnap.com

Choose specification

      Show more Less

      This site in other countries/regions:

      open menu
      back to top