Synology NAS Devices Are Being Targeted By StealthWorker Botnet, Here's How To Protect Your Data

synology nas devices targeted by botnet
Network Attached Storage (NAS) devices from Synology are being targeted by the StealthWorker Botnet in an ongoing brute-force attack that could lead to ransomware infections. Perhaps we should just drop the “network attached” of NAS portion for now.

According to an August 4th report, Synology’s Product Security Incident Response Team (PSIRT) witnessed and received reports on “an increase in brute-force attacks against Synology devices.” While the team believes that these attacks are not using software vulnerabilities, the attacks are still concerning.

cs synology nas devices targeted by botnet

The botnet behind the brute-force behavior, wherein attackers “leverage a number of already infected devices to try and guess common administrative credentials,” is reportedly driven by a malware family called “StealthWorker.” If the guessing is successful, then there is the potential for a malicious payload to be installed, including ransomware. The breached devices may also become a part of the botnet and carry out attacks on other devices.

To help protect against this, “Synology strongly advises all system administrators to examine their systems for weak administrative credentials, to enable auto block and account protection, and set up multi-step authentication where applicable.” Moreover, users should ensure that their Synology device is not attached to the internet if those features are not utilized as it would pose an unnecessary risk.

Synology is also providing help to those who have been infected or have witnessed suspicious activity, and you can reach out here to find out more if you are affected.