How NAS Devices Are Being Exploited
Network-attached storage devices are now found in most offices. NAS devices are generally used as backup drives, but can also be used to host websites and torrents, store data from surveillance cameras, and display media throughout a home or office.
Unfortunately, NAS devices tend to be a little more vulnerable, and have become a major inroad for hackers. The NAS device may contain all of a business's data and is often connected to computers, IoT devices, routers, etc. In today's world of remote work, the device is generally connected to the internet to act as a cloud server, increasing both convenience and risk.
Why Are NAS Devices Vulnerable?
NAS devices are particularly vulnerable to hackers. Back in 2014, security analyst Jacob Holcomb found vulnerabilities in NAS devices from 10 manufacturers, and at least half could be exploited without authentication. He found issues that included authentication bypasses, backdoor accounts, and poor session management.
In June 2020, the eCh0raix ransomware gang launched a wave of attacks against QNAP NAS devices. They used an updated version of their software for which no decryption key was available. This is not the only strain that targets QNAP devices specifically; the company has issued firmware patches that address the vulnerability.
NAS devices tend to be ignored by users, resulting in many having default passwords and/or out-of-date firmware. Meanwhile, an attacker who gains access to one can encrypt somebody's entire backups, and the malware can potentially spread to other devices on the network. Vendors tend to use the same codebase across their devices, meaning that enterprise-grade NAS systems may be no more secure than consumer-grade ones.
While NAS devices should be behind the firewall, making them less vulnerable than consumer-grade routers, they are still a major issue. Even less sophisticated hackers have found a point of entry; one group has been hacking older LenovoEMC stations that may have their management interface exposed without a password.
How Can You Protect Your NAS Device?
NAS devices, by their nature, have to be connected to the internet. Some companies may find it best to keep the most sensitive data on a directly accessed drive connected to a system that is “air gapped.” This is not practical for most, of course. Fortunately, there are some very simple ways you can protect your NAS device(s) from hackers:
- Keep your firmware up-to-date. Although it can take a while for vendors to patch a vulnerability, hackers will continue to try and exploit it. If your firmware is not up-to-date you remain vulnerable to older exploits.
- Always change passwords. Never leave any network-connected device with its default password. Use a strong password or, better yet, a passphrase. Never use the same password on multiple devices.
- Disable the default admin account. Some NAS devices come with a default admin account with the username admin. Disable it and create a new one with a username that is much harder to guess. This might seem to be a consumer-grade problem, but as already mentioned, some vendors use the same code across their consumer and enterprise devices.
- Enable two-factor authentication. Most NAS devices have the capability to do this. It makes it much harder for a hacker to break in through a user account.
- Make sure your NAS is using HTTPS. Ideally, find a device that has this set up by default. If not, make sure it's turned on. You may need to get an SSL certificate.
- Consider making your NAS accessible to only the local network. This might not work if you have remote workers, although you can force people to use a VPN to connect.
- Set up a firewall. Your NAS device probably has a built-in firewall. Make sure it's enabled and the settings are the way you want them. (Be aware that IP locking can cause problems if you have remote workers using home internet, as their IP will change if they have to reboot their router.) You can, for example, tell it to reject any connections from outside the United States, or from certain high-risk countries.
- Enable DoS protection. This is usually turned off by default because of the high risk of false positives. It's better to turn it on and then whitelist known traffic sources.
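The local-network, VPN and firewall bullets above, sketched as an added Python example (not part of the original article): a default-deny allow-list for the NAS management interface, plus a check that flags the IP-locking problem the firewall bullet warns about. Every subnet and address is constructed for illustration; 203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges.

```python
import ipaddress

# Constructed policy for a NAS management interface; every subnet and address
# here is an assumption for illustration, not a value from the article.
RULES = [
    ("allow", "192.168.10.0/24", "office LAN"),
    ("allow", "10.8.0.0/24", "VPN pool for remote workers"),
    ("allow", "203.0.113.25/32", "remote worker's home IP"),
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decide(source_ip, rules=RULES):
    """First matching rule wins; unmatched traffic is denied by default."""
    addr = ipaddress.ip_address(source_ip)
    for action, cidr, label in rules:
        if addr in ipaddress.ip_network(cidr):
            return action, label
    return "deny", "no rule matched"

def audit_rules(rules=RULES):
    """Flag allow rules that admit addresses outside private (RFC 1918) space.

    Such rules either expose the NAS to the internet or pin an address the
    ISP can change, which locks the user out after a router reboot.
    """
    findings = []
    for action, cidr, label in rules:
        net = ipaddress.ip_network(cidr)
        if action == "allow" and not any(net.subnet_of(p) for p in RFC1918):
            findings.append((cidr, label))
    return findings

if __name__ == "__main__":
    # Constructed connection attempts against the management interface.
    attempts = ["192.168.10.42", "10.8.0.7", "203.0.113.25",
                "203.0.113.80",   # same remote worker after an IP change
                "198.51.100.9"]   # unrelated internet host
    for ip in attempts:
        print(f"{ip:<15} -> {decide(ip)}")
    for cidr, label in audit_rules():
        print(f"review rule {cidr} ({label}): public address, prefer the VPN pool")
```

The remote worker is admitted from 203.0.113.25 but denied from 203.0.113.80 after the address changes, while anyone connecting through the VPN pool is unaffected.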
Keeping your NAS device secure is pretty easy, but the most important thing to do is use strong passwords and keep firmware up-to-date. (Also, if you do get a ransomware attack, never pay the thieves. That just encourages them to keep doing it.)
To find out more about securing NAS devices, dealing with ransomware, and how we can help you with your office’s cybersecurity issues, contact EVERNET today. We provide the best cybersecurity services to professional offices, and can help you keep your data safe.
Eric is a Business IT cybersecurity advisor, consultant, manager, integrator, and protector who founded EVERNET in 2007. Eric co-hosts a podcast called “Finance and Technology Insights by Brian & Eric” on YouTube. Eric is a regular contributor to the EVERNET blog, writing about the latest technology news and providing his expertise in cyber security prevention and management.