How to protect your NAS drive from hackers and cyber-criminals

by | Aug 28, 2022 | Computers

An increasingly popular method for managing file and backup storage is NAS.

But regardless of how it is employed, the data it holds must be safeguarded from a number of dangers.

Network-attached storage has become increasingly popular among businesses over the past ten years, making it crucial to protect the data kept there.

Here is a look at some recent dangers to NAS and suggestions for enhanced data security.

 

What exactly is a NAS?

NAS devices are storage devices containing multiple hard drives, frequently arranged in RAID configurations for data redundancy or performance enhancements.

The device runs a custom operating system that is frequently based on Linux.

It is reached over a network, frequently by pointing a browser at it.

Depending on how the NAS is set up, that connection may be on a local network or the internet.

NFS, SMB, and AFP are now the most popular file-sharing protocols available on a NAS, depending on whether it has to be accessed from Linux, Windows, or macOS.

Most typical NAS security problems

When a NAS is physically distant from its owner, as it frequently is, it can be useful for a NAS administrator to have internet access to the device.

As with every internet-connected device, however, this does not come without risks.

 

The issue with passwords

On a NAS, the administrator account ships with a preset password.

Some NAS providers even permit the initial login with an empty password before a password has been set.

As a result, hackers can search the internet for NAS systems and attempt to connect to them using the default password when they are discovered.

 

Remote code execution (RCE)

RCE, which is also sometimes referred to as command injection, is a technique used by attackers to take control of NAS devices without using a password. In this approach, an attacker gains access to the device, typically with administrator privileges, and injects code by taking advantage of known flaws.

The attacker can then use it as they choose, such as to steal or delete data, infect the device with malware, etc.

Bounce from other connected devices

A NAS can also be connected to a local network that includes a variety of other devices, including PCs that may have direct access to it and may be online all the time.

If an attacker takes control of such a device, they can use it to reach the NAS and manipulate the data there as they see fit.

Viruses and Malware on NAS

In some instances over the past few years, hackers were able to gain access to NAS devices and use the compromise for criminal activities.

Misuse of the NAS: The Bitcoin miner case

A NAS provider recently issued a security alert regarding Bitcoin miners that had been fraudulently installed on their products.

Once the NAS is infected, it exhibits extremely high CPU utilization: a process called [oom reaper] uses around 50% of the CPU to mine bitcoin.

Even though this particular malware does not steal data or violate privacy, it is nonetheless harmful since it degrades system speed and shortens the life of the NAS’s hardware, including its hard drives.
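One way to spot this kind of masquerade, as an added example (not code from the vendor's alert): on Linux, genuine kernel threads are children of kthreadd (PID 2), so a bracket-named process with any other parent is not a kernel thread, and heavy CPU use makes it a priority. The `ps -eo pid,ppid,pcpu,args` column layout, the 20% threshold, and the sample lines (which use the kernel's own thread name, oom_reaper) are assumptions constructed for illustration.

```python
import re

# Constructed sample of `ps -eo pid,ppid,pcpu,args` output (not from a real device).
SAMPLE_PS = """\
  PID  PPID %CPU COMMAND
    1     0  0.0 /sbin/init
    2     0  0.0 [kthreadd]
   37     2  0.0 [oom_reaper]
   58     2  1.2 [kswapd0]
 2211     1  0.3 /usr/sbin/sshd -D
14302     1 49.7 [oom_reaper]
"""

KTHREADD_PID = 2  # parent of every genuine Linux kernel thread
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+([\d.]+)\s+(.*)$")

def find_masquerading(ps_output, cpu_threshold=20.0):
    """Return findings for bracket-named processes that are not kernel threads."""
    findings = []
    for line in ps_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or malformed line
        pid, ppid, cpu, args = int(m[1]), int(m[2]), float(m[3]), m[4].strip()
        if not (args.startswith("[") and "]" in args):
            continue  # ordinary process with a visible command line
        if pid == KTHREADD_PID or ppid == KTHREADD_PID:
            continue  # kthreadd itself or one of its children
        # ps also brackets userland processes whose command line is empty
        # (zombies, for example), so CPU use ranks the findings.
        severity = "high" if cpu >= cpu_threshold else "review"
        findings.append({"pid": pid, "ppid": ppid, "cpu": cpu,
                         "name": args, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in find_masquerading(SAMPLE_PS):
        print(f"{f['severity']:>6}  pid={f['pid']} ppid={f['ppid']} "
              f"cpu={f['cpu']}%  {f['name']}")
```
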

Possibility of cyberspies

In mid-2020, the most recent version of the QSnatch malware, which has been around since 2014, targeted around 62,000 NAS machines.

The malware is injected into the firmware of the device during the infection stage, making it persistent.

It also blocks NAS updates.

The malware’s features include creating a false login page for the device administrator, scraping user information, and giving the attacker access to an SSH backdoor.

A predefined set of files, including configuration and log files, is also stolen.

These files are encrypted and sent to the attackers’ infrastructure via HTTPS.

NAS ransomware

In the past two years, the NAS industry has experienced a number of ransomware attacks.

The Qlocker ransomware targeted QNAP NAS devices and moved the files stored on them into archives in the ubiquitous 7-Zip file format.

The archives were created with a single password that was known only to the ransomware operator.

After the files were encrypted, a ransom note demanded payment of 0.01 Bitcoins (equal to $550 at the time of the operation) in exchange for the file password.

The eCh0raix ransomware recently targeted the two largest NAS providers, QNAP and Synology, simultaneously, whereas most ransomware attacks target only one NAS vendor.

In contrast to previous ransomware operations that target businesses and occasionally demand millions of dollars, this one demanded a rather small amount of money (about $500) in exchange for access to the victim’s data.

How to safeguard your NAS

The following advice can help you defend your NAS against cybercriminals.

Change the default password

The default password should be changed as soon as a new NAS is installed on a network.

Some suppliers are actively addressing the issue of default passwords. QNAP, for example, chose in the middle of 2020 to make the device’s MAC address the default password.

Always choose a strong password with at least 10 characters, no dictionary words, and a combination of upper- and lowercase letters, digits, and special characters.

When the NAS is up and running, prevent incoming internet connections from reaching its administrative panel.

Instead, make it accessible exclusively from your local network, or perhaps just from a single machine within it.

To ensure that the NAS can still upgrade its software and firmware when a new update is made available, permit outbound connections.

NAS software and firmware updates

Update the NAS’s software and firmware as soon as you can because attackers frequently utilize remote code execution, which does not require a password.

Disable unused protocols and protect those that are vital

On the NAS, disable any protocols you do not require.

Disable FTP if it is not required.

Instead of HTTP, use HTTPS.

Depending on your requirements, close any ports that won’t be used.
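The checks above can be run against the list of listening sockets on the NAS itself. The following is an added example, not part of the original article: it parses `netstat -tln` output and maps each network-reachable port to the article's advice. The sample output, the required-port list (443 and 445), and the use of each protocol's standard port are assumptions constructed for illustration.

```python
# Constructed sample of `netstat -tln` output from a NAS shell (not from a real device).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 :::548                  :::*                    LISTEN
"""

# Advice from the article, keyed by the standard port of each protocol.
ARTICLE_ADVICE = {21: "FTP: disable if it is not required",
                  80: "HTTP: use HTTPS instead"}
LOOPBACK = ("127.", "::1")
UNLISTED = "not in the required list: close the port or disable the service"

def audit_listeners(netstat_output, required_ports):
    """Map each network-reachable listening TCP port to 'ok' or an action."""
    report = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # headers, UDP rows, non-listening sockets
        addr, _, port = fields[3].rpartition(":")
        if addr.startswith(LOOPBACK):
            continue  # only reachable from the NAS itself
        port = int(port)
        if port in ARTICLE_ADVICE:
            report[port] = ARTICLE_ADVICE[port]
        elif port not in required_ports:
            report[port] = UNLISTED
        else:
            report[port] = "ok"
    return report

if __name__ == "__main__":
    # Hypothetical site policy: only HTTPS (443) and SMB (445) are needed.
    for port, verdict in sorted(audit_listeners(SAMPLE_NETSTAT, {443, 445}).items()):
        print(port, verdict)
```
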

Modify the default ports

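If you truly need to access the NAS over the internet, change the default ports of the services you require, such as HTTP, HTTPS, SSH, and other protocols. This reduces hits from automated scans of well-known ports, but it does not replace the measures above.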

 

A NAS is a fantastic tool for storing data, but when installing one on a network, security should be your top priority. Your NAS should be protected from the majority of large-scale assaults if you follow the security tips in this article.