On August 9, security researchers from Taiwan-based Synology warned customers that the so-called "StealthWorker" botnet has targeted their data storage products - these are also known as network-attached storage (NAS) devices. A brute force attack is used to try to gain access and encrypt the targeted devices.
What are the risks to my business from the attack on Synology products?
The current attack is a brute force attack. These are usually based on guessing credentials. The attackers usually use a list of known, common passwords. Software tries all the passwords in this list. If it is exhausted or one of the attempts was successful, the network moves on to another account. Synology security researchers have confirmed that they do not believe the ongoing attack is related to an existing vulnerability in their products, but that it is a random attack. The attack is allegedly perpetrated by the "StealthWorker" botnet. "StealthWorker" first appeared in 2019 when it targeted CMS e-commerce companies. Synology issued a statement saying they are working with multiple CERTs from around the world to take down the botnet.
What can I do?
If you own a Synology NAS device, follow the steps below:
- Check your credentials and make sure that your password is not used in other accounts, is unique and sufficiently complex. You may also consider using a password manager.
- Enable automatic locking and account protection. You can find step-by-step instructions here.
- If possible, add 2-factor authentication to your account. This solution will notify you as soon as someone unexpectedly tries to log in, and will check your authenticity in another way, e.g. via SMS.
- Synology has issued additional protection instructions, which are available here.
If you have difficulty finding the right solution for your device and you are a Perseus customer, please contact us.