PSA - Check the Strength of Your Synology Passwords

Just wanted to let you all know that the Stealthworker botnet appears to be targeting Synology devices and trying to deploy ransomware. It appears that the botnet is trying to leverage weak credentials to attack Synology boxes and perhaps other Linux hosts on a compromised network. Make sure to check those passwords, and set up 2FA where possible.

https://www.synology.com/en-global/company/news/article/BruteForce/Synology®%20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet

2 Likes

Yeah I just heard about this. It sounds like there isn’t an actual exploit here? It just brute forces lame passwords and adds your box to the botnet if it finds one.

There isn’t an exploit, that’s why I mentioned that it leverages weak credentials. However, the real issue is not just the possible zombification of your NAS or other computer. Rather it is the possible Ransomware they could deploy on your NAS.

Yeah, that’s what it sounds like. I’m still surprised so many people have their NAS directly exposed to the Internet in the first place.

2 Likes

That’s the question I have, how does that happen?

Well, I felt it was appropriate to warn the users here because often we administer not only our own technology, but also the technology of friends and family. Don’t want mom and dad losing all their vacation photos because they kept some default password in place.

1 Like

No worries, I get it. I did the same thing not too long ago about the EC2-Classic networking retirement, and that was even less likely to directly impact Mom and Pop.

I’d guess that UPnP is probably to blame for a lot of those NAS units being exposed to the Internet, and the users might not even know it’s happening.

1 Like

PSA for those changing passwords:
Long passwords you can remember are better than P@55W0rD!123 or qwertyuiop (keyboard-walk passwords).
Pick a phrase or sentence from a book/movie and try to use the full input field.

Basically, if they get your password hash it will take them way longer to crack a 40-letter, easy-to-remember quote password than a 10-letter complex password.

I know this is typically schoolboy stuff for the guys on here, but it is worth repeating for those who are new to this stuff.

1 Like
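To put some numbers behind the passphrase advice above, here is an added example (not code from the original thread or from Synology) that scores the two weak passwords named in that post against a long quote. It contrasts the naive character-class entropy most "strength meters" report with a rougher effective estimate that accounts for what cracking tools actually try: keyboard walks, leet-speak substitutions on dictionary words, and appended digit/symbol suffixes. The wordlist, the 20,000-word attacker vocabulary for phrases, and the 10^10 guesses/second rate are all constructed assumptions for illustration; the bit bookkeeping is a simple model, not a calibrated one.

```python
"""Rough password-strength estimator: naive character-class entropy versus an
effective estimate that accounts for the tricks crackers already know
(keyboard walks, leet-speak dictionary words, short appended suffixes).
Assumptions (constructed for this example): the tiny WORDLIST, the attacker
vocabulary size for passphrases, and the offline guess rate."""
import math
import re
import string

# Constructed, deliberately tiny wordlist standing in for rockyou-style lists.
WORDLIST = {"password", "letmein", "synology", "admin", "welcome", "qwerty"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Common leet-speak substitutions that mangling rules undo/apply.
LEET = {"@": "a", "4": "a", "3": "e", "1": "i", "!": "i", "0": "o", "$": "s", "5": "s", "7": "t"}
PHRASE_VOCAB = 20_000          # assumed attacker vocabulary for word-by-word guessing
GUESSES_PER_SECOND = 1e10      # assumed offline rate against a fast, unsalted hash

# Constructed sample inputs: the two examples from the post plus a book quote.
SAMPLE_PASSWORDS = [
    "P@55W0rD!123",
    "qwertyuiop",
    "It was the best of times, it was the worst of times",
]


def naive_bits(pw: str) -> float:
    """Entropy if every character were drawn uniformly from the classes present."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in string.punctuation or c.isspace() for c in pw):
        alphabet += 33  # 32 ASCII punctuation marks plus space
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def is_keyboard_walk(pw: str) -> bool:
    """True if the whole password is a run along one keyboard row, either direction."""
    s = pw.lower()
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def unleet(s: str) -> str:
    """Undo leet substitutions and lowercase: 'P@55W0rD' -> 'password'."""
    return "".join(LEET.get(c, c) for c in s).lower()


def split_suffix(pw: str) -> tuple[str, str]:
    """Split 'Core!123' into ('Core', '!123'); crackers append such suffixes by rule."""
    i = len(pw)
    while i > 0 and not pw[i - 1].isalpha():
        i -= 1
    return pw[:i], pw[i:]


def effective_bits(pw: str) -> tuple[float, list[str]]:
    """Lower-bound estimate once common cracking rules are taken into account."""
    findings: list[str] = []
    if is_keyboard_walk(pw):
        findings.append("keyboard walk")
        return 10.0, findings  # a few rows, two directions, a few offsets: ~2^10 candidates
    core, suffix = split_suffix(pw)
    word = unleet(core)
    if word in WORDLIST:
        subs = sum(1 for a, b in zip(core.lower(), word) if a != b)
        uppers = sum(1 for c in core if c.isupper())
        findings.append(f"dictionary word '{word}', {subs} leet sub(s), "
                        f"{uppers} capital(s), suffix '{suffix}'")
        # Each substitution or capital roughly doubles the candidates a rule set
        # must try; the short suffix is brute-forced on its own.
        return math.log2(len(WORDLIST)) + subs + uppers + naive_bits(suffix), findings
    words = re.findall(r"[A-Za-z']+", pw)
    if len(words) >= 4:
        findings.append(f"passphrase of {len(words)} words")
        # Attacker guesses word by word from an assumed vocabulary.
        return len(words) * math.log2(PHRASE_VOCAB), findings
    return naive_bits(pw), findings


def crack_years(bits: float) -> float:
    """Expected time to exhaust 2^bits guesses at the assumed rate, in years."""
    return 2 ** bits / GUESSES_PER_SECOND / (365 * 86400)


def report(pw: str) -> dict:
    nb = naive_bits(pw)
    eb, findings = effective_bits(pw)
    return {"password": pw, "naive_bits": round(nb, 1), "effective_bits": round(eb, 1),
            "crack_years": crack_years(eb), "findings": findings}


if __name__ == "__main__":
    for pw in SAMPLE_PASSWORDS:
        r = report(pw)
        print(f"{r['password'][:24]:<24} naive={r['naive_bits']:>6}  "
              f"effective={r['effective_bits']:>6}  years={r['crack_years']:.3g}  {r['findings']}")
```

Running it shows why the advice holds: P@55W0rD!123 looks like ~79 bits to a character-class meter but collapses to roughly 31 bits once it is recognised as "password" plus a few rules, qwertyuiop is effectively a handful of guesses, while the 12-word quote stays well above 150 bits even under word-by-word guessing. The one caveat worth adding to the model is the PHRASE_VOCAB assumption: it treats the words as independent picks, so a verbatim famous line that sits in a quote list would score lower in practice; altering a word or two restores the margin.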

Or don’t be stupid and put your NAS on an intranet like a rational person

Security reasons definitely exist not to, but internet access is helpful for hundreds of other reasons.