Hackers Are Using Unpatched NAS Devices To Mine Bitcoin

In late 2020, QNAP discovered a pair of critical security vulnerabilities that would allow hackers to take remote control over network attached storage devices (NAS). In this particular instance, the hackers chose not to encrypt files and demand payment or cause other mayhem. Instead, they made slaves of the devices and put them to work mining Bitcoin on their behalf, quietly creating little profit centers for themselves, scattered all over the web.

The company patched the vulnerabilities before the end of 2020, but according to industry statistics, there are still millions of unpatched NAS devices out there. In fact, security researchers at 360 Netlab found evidence of cryptomining software on unpatched QNAP devices as late as March 3 of this year (2021).

If you have a QNAP and you’ve been noticing degraded or disappointing performance of late, it pays to check to see when you last updated your firmware. As an added security measure, change the passwords for all accounts on the device as well.

In fact, while you’re conducting your review, if you spot an account associated with the device that you do not recognize, remove it, If you haven’t done so already, set up an access control list for the device by going to the Control Panel, clicking on “Security” and then establishing security levels as appropriate.

360 Netlab did an exhaustive search and discovered just over four million NAS devices that had yet to be patched and were thus vulnerable to this kind of attack. It pays to make sure that you don’t own one of the remaining vulnerable ones. If you do, it’s not really a question of if you will be attacked and your drive put to work in the service of others, but when. Download the latest firmware and install today if you haven’t done so already.