The popular Network Attached Storage devices from Taiwanese vendor QNAP are the subject of an active malware attack. QNAP has issued a security advisory warning that the attack is underway and offering an updated version of the QNAP Malware Remover to resolve the issue. The active evidence of the malware includes adding hundreds of entries to the device’s hosts file pointing well known antivirus update servers to a sinkhole 0.0.0.0 address.
QNAP is still determining which products are affected by the malware and advises clients to contact their Help Desk for further assistance.
This incident serves as a timely reminder that appliances such as NAS devices should be included within your regular patching regime along with servers, desktop computers and networking hardware. Your network is only as secure as your least secure device, so it is important not to overlook appliances such as SIEM log repositories, NAS devices or even smart printers. A vulnerability in any device on your network could be the point of entry for a cyber-attack which, once a beachhead has been established, is able to pivot and attack more valuable assets within your network.