Taiwanese network-attached storage (NAS) devices maker QNAP on
Thursday warned its customers of a fresh wave of DeadBolt
ransomware attacks.
The intrusions are said to have targeted TS-x51 series and
TS-x53 series appliances running on QTS 4.3.6 and QTS 4.4.1,
according to its product security incident response team.
“QNAP urges all NAS users to check and update QTS to the latest
version as soon as possible, and avoid exposing their NAS to the
internet,” QNAP said[1]
in an advisory.
This development marks the third time QNAP devices have come
under assault from DeadBolt ransomware[2]
since the start of the year.
In late January, as many as 4,988 DeadBolt-infected QNAP devices
were identified, prompting the company to release a forced firmware
update. A second uptick in new infections was observed[3]
in mid-March.
DeadBolt attacks are also notable for the fact that they
allegedly leverage zero-day flaws in the software to gain remote
access and encrypt the systems.
According to a new report[4]
published by Group-IB, exploitation of security vulnerabilities in
public-facing applications emerged as the third most used vector to
gain initial access, accounting for 21% of all ransomware attacks
investigated by the firm in 2021.
References
- ^
said
(www.qnap.com) - ^
DeadBolt
ransomware (thehackernews.com) - ^
observed
(censys.io) - ^
new
report (www.group-ib.com)
Read more https://thehackernews.com/2022/05/qnap-urges-users-to-update-nas-devices.html