Overview
Your Internet-facing devices could be putting you at risk of a cyber-attack. Your network could be targeted at any minute if you haven’t patched up. Cyber-criminals are taking advantage of vulnerabilities on network-attached storage (NAS) devices that have not been updated.
Not keeping your devices up to date could result in malicious code being installed such as ransomware, in addition to providing the cyber-criminals with complete remote access to your computers and devices without your knowledge.
Detail
NAS devices are used in businesses and in home environments to share files in a work or home network, however, in many cases these devices allow connections from the Internet to enable remote access and maintain Internet-based services.
QNAP, a major manufacturer of NAS devices, has recently urged customers to enable firmware auto-updating on their devices due to a vulnerability being exploited actively in the wild. Due to the prevalence of a particular exploit resulting in DeadBolt ransomware, QNAP implemented a force-install of a security update.
Important note: Force-installs are not a typical occurrence so it is important to ensure that you monitor and maintain your own devices.
Even if you don’t have any NAS devices, this is a stark reminder to secure your internet-facing devices (e.g. smart door bells, cameras and fridges etc.) by keeping them updated.
Recommended Action
-
It is highly recommended to set your devices to auto-update. If this is not possible, ensure you monitor for and apply any security patches when they become available.
- Consider restricting device access to the Internet - Do you really need access to the device remotely?
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.