QNAP Releases NAS Security Statement

QNAP has issued an 'Immediate Action' statement regarding attacks against a number of their NAS products. The statement recommends applying mitigating steps to reduce the risk of attack.

Threat ID:: CC-4005
Threat Severity:: Information only
Published:: 10 January 2022 12:26 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

QNAP has issued an 'Immediate Action' statement regarding attacks against a number of their NAS products. The statement recommends applying mitigating steps to reduce the risk of attack.

Affected platforms

The following platforms are known to be affected:

Versions: all NAS products appear to be affected

QNAP NAS

Threat details

Introduction

QNAP has issued an 'Immediate Action' product security statement warning users of their Network-attached storage (NAS) products of large-scale ransomware and brute-force attacks against them. They also advise users to take mitigating steps to reduce the risk of attack.

Nature of 'Immediate Action' notice

QNAP has not provided any further details on the threat posed by these attacks, nor have they given a full justification for the urgent nature of the statement.

NHS Digital are working with our partners to obtain more information and will update this article as appropriate.

Remediation advice

Affected organisations are encouraged to review QNAP's statement and apply the below remediation steps.

Remediation steps

Type	Step
Action	Step 1: Check that any NAS devices are exposed to the Internet using the Security Counselor. If the Security Counselor shows “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP” then the device is exposed. Unexposed devices are not vulnerable. https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas
Action	Step 2: Disable port forwarding for NAS management port (443 and 8080 by default) on your router, virtual server, or NAT. Please note that this should only be done for IP addresses used by your NAS devices. https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas
Action	Step 3: Disable UPnP port forwarding on your QNAP NAS devices via 'Auto Router Configuration' in myQNAPCloud on the QTS menu. https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas

Type

Step

Action

Step 1:

Check that any NAS devices are exposed to the Internet using the Security Counselor. If the Security Counselor shows “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP” then the device is exposed.

Unexposed devices are not vulnerable.

https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas

Action

Step 2:

Disable port forwarding for NAS management port (443 and 8080 by default) on your router, virtual server, or NAT.

Please note that this should only be done for IP addresses used by your NAS devices.

https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas

Action

Step 3:

Disable UPnP port forwarding on your QNAP NAS devices via 'Auto Router Configuration' in myQNAPCloud on the QTS menu.

https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas

Definitive source of threat updates

https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas

Last edited: 18 January 2022 1:35 pm