Synology Continues Investigation into Persistent Botnet Brute-Force Attacks

August 3, 2021 by our News Team

Synology PSIRT has observed a surge in brute-force attacks targeting Synology devices, prompting them to investigate and identify a malware family known as "StealthWorker" as the primary driver behind the botnet responsible for these attacks. System administrators should take immediate action to safeguard their systems by examining system credentials, enabling auto block and account protection, and implementing multi-step authentication.

  • Examine system credentials for weak administrative credentials
  • Enable auto block and account protection
  • Implement multi-step authentication

Title: Increasing Brute-Force Attacks Targeting Synology Devices: What You Need to Know

In recent times, Synology PSIRT (Product Security Incident Response Team) has observed a surge in brute-force attacks targeting Synology devices. These attacks have prompted Synology’s security researchers to investigate the matter further, leading them to identify a malware family known as “StealthWorker” as the primary driver behind the botnet responsible for these attacks. It is important to note that there is currently no evidence suggesting that the malware exploits any software vulnerabilities.

The modus operandi of these attacks involves leveraging already infected devices to attempt to guess common administrative credentials. If successful, the attackers gain unauthorized access to the system and install their malicious payload, which may include ransomware. Furthermore, infected devices can also be used to carry out additional attacks on other Linux-based devices, including Synology NAS.

To combat this threat, Synology PSIRT is collaborating with relevant CERT organizations to gather more information and shut down the known command and control (C&C) servers associated with the malware. Simultaneously, Synology is proactively notifying potentially affected customers about the situation.

In light of these developments, Synology strongly advises all system administrators to take immediate action to safeguard their systems. Here are some recommended steps:

1. Examine System Credentials: System administrators should thoroughly review their systems for weak administrative credentials. It is crucial to ensure that strong and unique passwords are in place.

2. Enable Auto Block and Account Protection: Utilize the auto block feature provided by Synology to prevent repeated login attempts. Additionally, enable account protection measures to enhance security.

3. Implement Multi-Step Authentication: Where applicable, set up multi-step authentication for added layers of protection. This will require users to provide additional verification beyond just a password.

If system administrators detect any suspicious activity on their devices, it is imperative to contact Synology technical support immediately for prompt assistance.

By following these recommended security measures, system administrators can significantly reduce the risk of falling victim to brute-force attacks and protect their valuable data.

For more information on how to add extra security to your Synology NAS and additional security tips to safeguard your data, please visit our blog.

Remember, maintaining a proactive approach to cybersecurity is crucial in today’s evolving threat landscape. Stay vigilant and prioritize the security of your Synology devices.

Note: This article is based on recent findings by Synology PSIRT regarding increasing brute-force attacks targeting Synology devices. For more details about Synology and its products, please visit their official website.

[Remove “About” section and contact details]

About Our Team

Our team comprises industry insiders with extensive experience in computers, semiconductors, games, and consumer electronics. With decades of collective experience, we’re committed to delivering timely, accurate, and engaging news content to our readers.

Background Information

About Synology: Synology is a Taiwanese pioneering technology company for its innovative network-attached storage (NAS), Storage, IP surveillance solutions, and robust network equipment. With a steadfast commitment to delivering secure, reliable, and user-friendly solutions, Synology empowers individuals and businesses alike to effortlessly manage, safeguard, and share their data in a connected world. Synology's comprehensive range of products caters to various needs, from personal storage to enterprise-level data management, setting new standards for data accessibility, security, and collaboration.

Synology website  Synology LinkedIn

Technology Explained

NAS: Network Attached Storage (NAS) is a specialized storage device or server that provides centralized data storage and access over a network, usually using Ethernet connections. NAS systems are designed to offer a convenient and efficient way to store and share files among multiple users or devices within a home or office environment. Unlike traditional storage solutions, NAS devices operate independently and have their own operating systems and management interfaces. They are characterized by easy setup and configuration, making them accessible even to users with limited technical expertise. NAS devices can offer various features, including data redundancy through RAID configurations, remote access over the internet, automatic backup, media streaming, and even application hosting in some advanced models. As a versatile and user-friendly storage solution, NAS has become a popular choice for both personal and small business use.

Leave a Reply