{"id":7229,"date":"2022-09-09T07:20:25","date_gmt":"2022-09-09T07:20:25","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7229"},"modified":"2023-04-28T04:01:35","modified_gmt":"2023-04-28T11:01:35","slug":"how-safe-are-storage-devices-from-a-ransomware-attack","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/how-safe-are-storage-devices-from-a-ransomware-attack\/","title":{"rendered":"How Safe Are Storage Devices From a Ransomware Attack?"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"7229\" class=\"elementor elementor-7229\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-532b235f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"532b235f\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6c08f4c4\" data-id=\"6c08f4c4\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6bf1770 elementor-widget elementor-widget-text-editor\" data-id=\"6bf1770\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: justify;\"><strong>Does your organization use Network Attached Storage (NAS) devices? If you think that backing up data in these devices will keep you safe from a ransomware attack, you might have to revisit your security strategy.<\/strong><\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">Ransomware groups such as Qlocker and eCh0raix have been targeting QNAP products for a while now. While devices from Western Digital, Synology, ENC Security, and Asustor have also been on the radar, QNAP\u2019s offerings have taken a hit with multiple targeted attempts at exploiting their internet-connected offerings.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">In the latest NAS-related scenario, ALPHV, Maui, and H0lygh0st ransomware, together with the FIN7 APT group, have been playing first fiddle.&nbsp;<\/p>\n<div style=\"text-align: justify;\">\n<table>\n<tbody>\n<tr>\n<td>\n<p><b>Ransomware<\/b><\/p>\n<\/td>\n<td>\n<p><b>Vendor<\/b><\/p>\n<\/td>\n<td>\n<p><b>Product<\/b><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">Deadbolt<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">QNAP<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">QNAP NAS running Photo Station<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">Qlocker<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">QNAP<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">Hybrid Backup Sync, QTS, QuTS Hero, and QuTS Cloud<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">QNAP<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">Photo Station, Hybrid Backup Sync, QTS, QuTS Hero, and QuTS Cloud<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">Maui<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">TerraMaster<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">NAS running TerraMaster operating system<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">H0lyGh0st<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">TerraMaster<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">NAS running TerraMaster operating system<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">ALPHV<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">Veritas<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">Backup Exec<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Apart from the above, another product being exploited is the Veeam Backup and Replication Server, although the attacker in this case is the FIN7 APT group that has been known to deploy the BlackBasta ransomware.<\/p>\n<\/div>\n<h2 style=\"text-align: justify;\">Recent Updates:<\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">More recently, ransomware groups like DeadBolt, Checkmate, and NamPoHyu have joined hands with Qlocker and eCh0raix to go after exposed storage devices.<\/p>\n<p style=\"text-align: justify;\"><strong>Sep 06, 2022: <\/strong>DeadBolt ransomware was observed as exploiting CVE-2022-27593, a vulnerability in certain QNAP NAS devices running Photo Station.<\/p>\n<blockquote>\n<p>Repeated attempts have been made to compromise all forms of storage devices in the last quarter of 2022, and the exploitation has continued in 2023. We urge organizations to patch associated vulnerabilities, upgrade to the latest firmware, disable port forwarding on routers, or use VPNs to prevent NAS devices from being accessible on the internet.<\/p>\n<\/blockquote>\n<h2 style=\"text-align: justify;\">Should CISOs Be Worried About Storage Device Security?<\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\"><strong>Yes. For many organizations that do not have a robust security strategy in place, storage devices are the last line of defense against ransomware attacks.&nbsp;<\/strong><\/p>\n<p style=\"text-align: justify;\">Storage devices form the crux of an organization and hold all the data that is needed for their day-to-day operations. In fact, with the work-from-home scenario, all organizations prefer network-attached devices that can be accessed from anywhere, at any time.<\/p>\n<p style=\"text-align: justify;\">On the other hand, increased network accessibility has led to an increased concern for data backups. This has resulted in Network Attached Storage (NAS) devices replacing legacy hardware for maintaining data backups. These data backups serve as the organization\u2019s fallback measure in case of a cyberattack.<\/p>\n<p style=\"text-align: justify;\"><strong>Securin researchers are tracking this trend as part of our ransomware research. Check out our <a href=\"https:\/\/cybersecurityworks.com\/ransomware\/\" target=\"_blank\" rel=\"noopener\">quarterly ransomware reports<\/a> for more information about storage devices and the threats targeting them.<\/strong><\/p>\n<h2 dir=\"ltr\" style=\"text-align: justify;\">Attacks on Storage Devices<\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">Let us look at some of the incidents from early 2022 that had impacted storage devices connected to the internet. These are a clear indication that the attacks on storage devices are continuous and recurring, making it a true cause for concern. Furthermore, it is not just local storage that is being targeted; cloud storage is as vulnerable to attacks as any other internet-connected device.<\/p>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"color: #ff9900;\"><b>Jul 11, 2022: <\/b><\/span>Threat cluster tracked as Raspberry Robin <a href=\"https:\/\/thehackernews.com\/2022\/07\/researchers-warn-of-raspberry-robins.html\" target=\"_blank\" rel=\"noopener\">targets<\/a> QNAP using worm-like Windows malware<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"color: #ff6600;\"><b><span style=\"color: #ff9900;\">Jul 8, 2022:<\/span> <\/b><\/span>New Checkmate ransomware&nbsp;<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-warns-of-new-checkmate-ransomware-targeting-nas-devices\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">used to encrypt<\/a> data in exposed QNAP devices<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Jun 22, 2022:<\/strong> Critical PHP flaw <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-php-flaw-exposes-qnap-nas-devices-to-rce-attacks\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">exposes<\/a> QNAP NAS devices to RCE attacks<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Jun 19, 2022:<\/strong> Researchers predict ransomware groups could encrypt files stored on Microsoft&#8217;s SharePoint and OneDrive applications by<a href=\"https:\/\/cyware.com\/news\/ransomware-attacks-on-microsoft-clouds-versioning-feature-are-likely-05353198\" target=\"_blank\" rel=\"noopener\"> abusing <\/a>the versioning feature<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Jun 18, 2022:<\/strong> eCh0raix ransomware launches another wave of <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-nas-devices-targeted-by-surge-of-ech0raix-ransomware-attacks\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">attacks <\/a>on QNAP devices<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Jun 10, 2022:<\/strong> Fujitsu cloud storage <a href=\"https:\/\/portswigger.net\/daily-swig\/separate-fujitsu-cloud-storage-vulnerabilities-could-enable-attackers-to-destroy-virtual-backups?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">vulnerabilities<\/a> could enable attackers to destroy virtual backups<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Jun 02, 2022:<\/strong> Polonium APT group <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-blocks-polonium-hackers-from-using-onedrive-in-attacks\/\" target=\"_blank\" rel=\"noopener\">uses <\/a>Microsoft OneDrive cloud storage platform for data exfiltration and command and control, while targeting and compromising Israeli organizations<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>May 19, 2022:<\/strong> QNAP <a href=\"https:\/\/thehackernews.com\/2022\/05\/qnap-urges-users-to-update-nas-devices.html\" target=\"_blank\" rel=\"noopener\">warns<\/a> of a fresh wave of DeadBolt ransomware attacks targeting TS-x51 series and TS-x53 series appliances running on QTS 4.3.6 and QTS 4.4.1.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Apr 28, 2022: <\/strong>Synology NAS devices <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/synology-warns-of-critical-netatalk-bugs-in-multiple-products\/\" target=\"_blank\" rel=\"noopener\">exposed<\/a> to attacks exploiting multiple, critical Netatalk vulnerabilities, including CVE-2022-23125, CVE-2022-23122, CVE-2022-0194,&nbsp; and CVE-2022-23121<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Mar 30, 2022: <\/strong>QNAP NAS devices<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-warns-severe-openssl-bug-affects-most-of-its-nas-devices\/\" target=\"_blank\" rel=\"noopener\"> exposed<\/a> to high-severity OpenSSL bug<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Mar 22, 2022: <\/strong>QNAP devices <a href=\"https:\/\/www.securityweek.com\/qnap-devices-targeted-new-wave-deadbolt-ransomware-attacks\" target=\"_blank\" rel=\"noopener\">targeted<\/a> in a new wave of DeadBolt ransomware attacks<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Mar 14, 2022:<\/strong> CVE-2022-0847, the Linux vulnerability dubbed Dirty Pipe, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-warns-severe-linux-bug-affects-most-of-its-nas-devices\/\" target=\"_blank\" rel=\"noopener\">endangers<\/a> QNAP NAS devices<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Feb 22, 2022:<\/strong> Data in Asustor NAS devices <a href=\"https:\/\/www.bitdefender.com\/blog\/hotforsecurity\/asustor-nas-owners-hit-by-deadbolt-ransomware-attack\/?web_view=true\" target=\"_blank\" rel=\"noopener\">encrypted<\/a> by DeadBolt ransomware<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">Although relatively old, we would also like to highlight how the <a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/all-about-qlocker.html\" target=\"_blank\" rel=\"noopener\">Qlocker ransomware<\/a> announced its presence by going after a then zero-day vulnerability (CVE-2021-28799) in QNAP devices, even before its vendor recognized the existence of the vulnerability.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\"><span style=\"font-size: 10px;\"><em>A snippet from Securin&#8217;s <a href=\"https:\/\/cybersecurityworks.com\/resources\/whitepapers\/ransomware-spotlight-report-2022-through-the-lens-of-threat-and-vulnerability-management.html\" target=\"_blank\" rel=\"noopener\">Ransomware Report 2022<\/a><\/em><\/span><\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/QmFAlY1-zdlXTl2_2gFkVfuMBbelUoHcPl_HXiXJ6c-xts5FMexeIx8MbSYvRcHLCZEXrhLGl-DfC5seJBqYaDRGHFQ1HEHH6aey1tZv24VjU1yyU_47lw_DUhVBXjf1hGHHjgQAsOBMta8lIg\"><\/p>\n<h2 dir=\"ltr\" style=\"text-align: justify;\">What Can Organizations Do to Protect Their Backup?<\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">The first step to protecting data backups is to understand the exposure that attackers can leverage. To understand this, Securin has been continuously researching ransomware groups and the methods they use to attack their targets.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\"><strong>Address unpatched vulnerabilities&nbsp;<\/strong><\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">Our researchers have identified the vulnerabilities in storage devices that are exploited by ransomware groups. We urge organizations to patch these vulnerabilities at the earliest to avoid exposing their NAS devices to attacks.<\/p>\n<table>\n<tbody>\n<tr>\n<td>\n<p><b>CVE<\/b><\/p>\n<\/td>\n<td>\n<p><b>CWE<\/b><\/p>\n<\/td>\n<td>\n<p><b>Ransomware Group<\/b><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2022-27593<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-610<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">Deadbolt<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2017-7494<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-20, CWE-94<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2018-19943<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-79<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2018-19949<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-77<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2018-19953<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-79<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2019-7192<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-269<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2019-7193<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-20<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2019-7194<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-610<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2019-7195<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-610<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2021-28799<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-285<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">eCh0raix, Qlocker<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2021-27876<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-287<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">ALPHV<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2021-27877<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-287<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">ALPHV<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2021-27878<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">CWE-287<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">ALPHV<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">CVE-2022-24990<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">&#8211;<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">Maui, H0lyGh0st<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>CVE-2023-27532 is another CVE to watch out for as the vulnerability in Veeam Backup Servers is being targeted by the FIN7 APT group that has been previously linked to the BlackBasta ransomware group.&nbsp;<\/p>\n<div><br><\/div>\n<p style=\"text-align: justify;\">Interestingly, over 60 percent of these vulnerabilities are introduced by improper code configurations that include improper neutralization of input and other special elements, and improper input validation, authorization, or privilege management. Care must be taken from the development stage itself to avoid introducing weaknesses in code, adopting a security-focused Shift-Left mindset right from the beginning.<\/p>\n<blockquote>\n<p dir=\"ltr\" style=\"text-align: justify;\">Five of the ransomware vulnerabilities in storage devices that are known to be exploited by ransomware groups made it to the CISA KEVs after being repeatedly warned about by Securin in its blogs and Ransomware Reports. In fact, CVE-2017-7494 was only recently added to the list (April 2023), months after Securin\u2019s call-out.<\/p>\n<\/blockquote>\n<p style=\"text-align: justify;\">We would also like to call out a few vulnerabilities in storage devices that, although not associated with ransomware groups yet, have been highlighted by CISA in their KEV catalog.<\/p>\n<table border=\"1\" cellpadding=\"3\" align=\"center\">\n<colgroup>\n<col width=\"157\">\n<col width=\"152\">\n<col width=\"302\"> <\/colgroup>\n<thead>\n<tr>\n<th scope=\"col\">\n<p dir=\"ltr\">Vulnerability<\/p>\n<\/th>\n<th scope=\"col\">\n<p dir=\"ltr\">Vendor<\/p>\n<\/th>\n<th scope=\"col\">\n<p dir=\"ltr\">Product<\/p>\n<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\n<p dir=\"ltr\" style=\"text-align: center;\">CVE-2020-2506<\/p>\n<\/td>\n<td style=\"text-align: center;\">\n<p dir=\"ltr\">QNAP Systems<\/p>\n<\/td>\n<td style=\"text-align: center;\">\n<p dir=\"ltr\">Helpdesk<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p dir=\"ltr\" style=\"text-align: center;\">CVE-2020-2509<\/p>\n<\/td>\n<td style=\"text-align: center;\">\n<p dir=\"ltr\">QNAP<\/p>\n<\/td>\n<td style=\"text-align: center;\">\n<p dir=\"ltr\">QNAP Network-Attached Storage (NAS)<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p dir=\"ltr\" style=\"text-align: center;\">CVE-2019-16057<\/p>\n<\/td>\n<td style=\"text-align: center;\">\n<p dir=\"ltr\">D-Link<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\" style=\"text-align: center;\">DNS-320 Storage Device<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">\n<p dir=\"ltr\">CVE-2020-9054<\/p>\n<\/td>\n<td style=\"text-align: center;\">\n<p dir=\"ltr\">Zyxel<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\" style=\"text-align: center;\">Multiple Network-Attached Storage (NAS) Devices<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">\n<p dir=\"ltr\">CVE-2018-14839<\/p>\n<\/td>\n<td style=\"text-align: center;\">\n<p dir=\"ltr\">LG<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\" style=\"text-align: center;\">N1A1 NAS<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p dir=\"ltr\" style=\"text-align: justify;\"><strong>Be wary of ransomware groups&nbsp;<\/strong><\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">Securin researchers have identified two ransomware groups: Qlocker and eCh0raix, targeting vulnerabilities in storage devices, particularly NAS devices. The DeadBolt and Checkmate ransomware groups are the latest to join the trend, going after weaknesses that can be easily exploited. Our analysts are constantly on the lookout for attack vectors utilized by these groups. It is also believed the Sabbath ransomware gang specifically targets backups as part of its triple extortion method. Stay tuned to our <a href=\"https:\/\/securin.io\/blog\/\" target=\"_blank\" rel=\"noopener\">blogs<\/a> to be notified as we unearth more information about the groups.<\/p>\n<h2 dir=\"ltr\" style=\"text-align: justify;\">Lax Response Despite Repeated Warnings by Vendors<\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">Surprisingly, vendors of storage devices have released multiple warnings and updates addressing the vulnerabilities as they were exploited. Despite this, we see multiple NAS devices exposed to the internet. Lack of cyber hygiene is the usual suspect here.<\/p>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Sep 05, 2022:<\/strong> QNAP <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-patches-zero-day-used-in-new-deadbolt-ransomware-attacks\/\" target=\"_blank\" rel=\"noopener\">patches<\/a> zero-day vulnerability exploited by DeadBolt ransomware<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Jun 17, 2022:<\/strong>&nbsp; QNAP <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-thoroughly-investigating-new-deadbolt-ransomware-attacks\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">warns <\/a>customers to secure their devices against a new campaign of attacks pushing DeadBolt ransomware<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>May 06, 2022 :<\/strong> QNAP <a href=\"https:\/\/thehackernews.com\/2022\/05\/qnap-releases-firmware-patches-for-9.html\" target=\"_blank\" rel=\"noopener\">releases<\/a> firmware update patching nine security weaknesses in QVR 5.1.6 build 20220401 and later<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>April 19, 2022:<\/strong> QNAP <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-urges-customers-to-disable-upnp-port-forwarding-on-routers\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">urges<\/a> customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to prevent exposing NAS devices to attacks from the internet<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Mar 26, 2022: <\/strong>Critical-severity RCE vulnerability<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/western-digital-fixes-critical-bug-giving-root-on-my-cloud-nas-devices\/\" target=\"_blank\" rel=\"noopener\"> identified<\/a> in Western Digital\u2019s My Cloud OS5 devices<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Mar 24, 2022: <\/strong>Western Digital <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/western-digital-my-cloud-os-update-fixes-critical-vulnerability\/\" target=\"_blank\" rel=\"noopener\">releases<\/a> new My Cloud OS firmware to fix the heavily exploited CVE-2022-23121<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Feb 14, 2022:<\/strong> QNAP <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-extends-critical-updates-for-some-unsupported-nas-devices\/\" target=\"_blank\" rel=\"noopener\">extends support <\/a>to some end-of-life NAS devices until October 2022, and provides mitigation measures<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Jan 28, 2022: <\/strong>QNAP <a href=\"http:\/\/www.bleepingcomputer.com\/news\/security\/qnap-force-installs-update-after-deadbolt-ransomware-hits-3-600-devices\/\" target=\"_blank\" rel=\"noopener\">force updates<\/a> customers&#8217; NAS devices with firmware containing the latest security updates<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">The repeated warnings showcase a positive movement with vendors showing increased awareness and releasing proactive mitigations to ward off attacks on their products. An interesting trend to note is the support offered by QNAP to some end-of-life devices. With vendors reacting to the flurry of attacks, it is now the turn of end users to step up their game.<\/p>\n<h2 dir=\"ltr\" style=\"text-align: justify;\">How Can Vulnerability Management Help?<\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">Organizations need a continuous vulnerability management process to identify and remediate vulnerabilities in all their assets. By continuously monitoring and prioritizing vulnerabilities and emerging threats, security teams will be able to reduce response times and remediate dangerous exposures before they are exploited by attackers.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">Mature vulnerability management programs like ours provide customers with actionable intelligence that effectively reduces cybersecurity alert fatigue and provides organizations with a clear road map to secure their environment. Acting as an extension of our customer\u2019s security team, we go over and beyond to warn them of emerging threats and provide them with a customized early warning alert that facilitates rapid remediation.<\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><em>Securin can help you identify vulnerabilities in your devices and prioritize the ones you should focus on.&nbsp;<\/em><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><em><a href=\"https:\/\/cybersecurityworks.com\/services\/vulnerability-management-as-a-service\" target=\"_blank\" rel=\"noopener\">Sign up for our VMaaS offering<\/a>.<\/em><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><strong>Related reading:<\/strong><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><a href=\"https:\/\/cybersecurityworks.com\/blog\/vulnerabilities\/critical-openssl-vulnerabilities-affecting-linux-and-nas-devices.html\" target=\"_blank\" rel=\"noopener\">Critical OpenSSL Vulnerabilities Affecting Linux and NAS Devices<\/a><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/all-about-qlocker.html\" target=\"_blank\" rel=\"noopener\">All About Qlocker<\/a><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><a href=\"https:\/\/cybersecurityworks.com\/ransomware\/\" target=\"_blank\" rel=\"noopener\">Ransomware Reports<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>\u200b\u200b\u200b\u200b\u200b\u200b\u200bDoes your organization use Network Attached Storage (NAS) devices? You should revisit your security strategy.<\/p>\n","protected":false},"author":6,"featured_media":14310,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":""},"categories":[138,80,109,117],"tags":[89,183,179,181,178,177,180,182,91,115],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7229"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/comments?post=7229"}],"version-history":[{"count":24,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7229\/revisions"}],"predecessor-version":[{"id":18142,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7229\/revisions\/18142"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/14310"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/categories?post=7229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/tags?post=7229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}