The National Cyber Security Centre (NCSC) and the Cybersecurity and Infrastructure Security Agency (CISA) warn in a recent report that malware dubbed QSnatch/Derek is still circulating and targeting QNAP NAS devices.
After a successful attack, attackers could prevent firmware updates and execute their own commands through backdoors on network storage devices.
Currently, no active attacks are planned, but 65,000 devices are assumed to be infected worldwide.
Unfortunately, the official QNAP warning does not indicate which firmware versions are protected. Further information, such as the CVE number of the security hole, cannot be found there either.
Beyond patching, NAS owners should ensure that devices are accessible from the Internet only if there is no other way. Strong passwords and access restricted to authorized users should also be standard.
Infected devices must first be completely reset so that the latest firmware can be installed. This is the only way to remove unknown users and remote access accounts set up by attackers.