Skip to main content

Hackers Are Using Unpatched NAS Devices To Mine Bitcoin

By March 22, 2021May 11th, 2022Cybersecurity

In late 2020, QNAP discovered a pair of critical security vulnerabilities that would allow hackers to take remote control over network attached storage devices (NAS). In this particular instance, the hackers chose not to encrypt files and demand payment or cause other mayhem. Instead, they made slaves of the devices and put them to work mining Bitcoin on their behalf, quietly creating little profit centers for themselves, scattered all over the web.

The company patched the vulnerabilities before the end of 2020, but according to industry statistics, there are still millions of unpatched NAS devices out there. In fact, security researchers at 360 Netlab found evidence of cryptomining software on unpatched QNAP devices as late as March 3 of this year (2021).

If you have a QNAP and you’ve been noticing degraded or disappointing performance of late, it pays to check to see when you last updated your firmware. As an added security measure, change the passwords for all accounts on the device as well.

In fact, while you’re conducting your review, if you spot an account associated with the device that you do not recognize, remove it, If you haven’t done so already, set up an access control list for the device by going to the Control Panel, clicking on “Security” and then establishing security levels as appropriate.

360 Netlab did an exhaustive search and discovered just over four million NAS devices that had yet to be patched and were thus vulnerable to this kind of attack. It pays to make sure that you don’t own one of the remaining vulnerable ones. If you do, it’s not really a question of if you will be attacked and your drive put to work in the service of others, but when. Download the latest firmware and install today if you haven’t done so already.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.