UK/US Governments Warn of QNAP NAS Malware:
The UK and US governments have issued another joint cybersecurity alert, this time warning organizations about a strain of malware targeting network attached storage (NAS) devices from QNAP.
As of mid-June, the QSnatch malware (aka "Derek") had infected 62,000 devices worldwide, including 3900 in the UK and 7600 in the US, according to the notice from GCHQ's National Cyber Security Center (NCSC) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).
This is the result of two campaigns, one running from 2014 to mid-2017 and the other starting in late 2018.
[...] QSnatch apparently features a credential scraper, SSH backdoor, CGI password logger, webshell functionality and the ability to exfiltrate a predetermined list of files, including system configs and log files.
It is said to achieve persistence by modifying the system host's file to redirect domain names to out-of-date versions in order to prevent updates from installing on the NAS device itself.
The NCSC/CISA urged administrators to follow the guidance issued by QNAP last November.
[...] "Organizations that are still running a vulnerable version must run a full factory reset on the device prior to completing the firmware upgrade to ensure the device is not left vulnerable."
(Score: 5, Informative) by JoeMerchant on Wednesday July 29 2020, @01:37PM (11 children)
Their products seem like a good thing, but they're not.
Fatal flaw for me, discovered the hard way, was that when I installed a hard drive into their (Linux based) NAS, they needlessly formatted it in some proprietary scheme that meant: when the QNAP power supply died, my hard drive was inaccessible.
🌻🌻 [google.com]
(Score: 3, Funny) by RS3 on Wednesday July 29 2020, @02:14PM (3 children)
Oh that sucks. I'm sure that lovely tidbit was well disclosed before someone bought the thing? (that was sarcasm for those who are too literal).
Yeah, that just sucks. Maybe they think they're keeping peoples' data safe?
Someone needs to get a grant and do a study of people who are smart enough to build a company and product line, but not smart enough to prioritize things like better security and less trickery. But that's been going on forever so I'll stop dreaming now.
(Score: 3, Insightful) by Freeman on Wednesday July 29 2020, @02:59PM (2 children)
You say that like the trickery was an accident. The format into a proprietary scheme was definitely done on purpose. Sure, it might have been spun as a feature, but it was done to keep people in their system.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by RS3 on Wednesday July 29 2020, @03:28PM
Sorry you misunderstood, but that's exactly what I meant and why I used the word "trickery"- tricky gadgetry that benefits the company / provider more than the user, and largely unknown to the user. Again, pretty much the norm these days.
(Score: 2) by JoeMerchant on Wednesday July 29 2020, @03:39PM
Backfired in my case, but then I'm small fish and I was able to walk away from my data that had been essentially ransomwared - demanding that I either repair the power supply on my QNAP or (cheaper, easier) buy a new QNAP and hope that when I plug my drive in I can access it again.
This particular QNAP product "supported" external USB hard drives, which I'm pretty sure is part of how the power supply failed: overloaded by attaching external devices (still a faulty design, product said it supported such things, made no warning about load limits.) However, the external devices taught me: all data on that external USB drive, served by the QNAP, was universally accessible even after the QNAP died, it was only the data I installed on the drive internal to the NAS that got effectively ransomed.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Wednesday July 29 2020, @05:42PM (6 children)
AFAIK, Synology (and pretty much every other NAS product) uses only non-proprietary [synology.com] (ext4 [wikipedia.org], btrfs [wikipedia.org]) formats natively.
What's more, for extant filesystems/drives, Synology can, apparently, also read/write multiple other formats [synology.com]:
None of which (with the exception of NTFS) are proprietary formats.
(Score: 3, Informative) by PartTimeZombie on Wednesday July 29 2020, @11:30PM (3 children)
I just checked a backup from a QNAP NAS I have in my drawer, and it is formatted NTFS, which is not the best, but I can at least read the data from pretty much any device.
(Score: 0) by Anonymous Coward on Thursday July 30 2020, @04:08AM
NTFS [wikipedia.org] isn't a terrible filesystem.
And even though it's a proprietary format, Linux/BSD have decent NTFS filesystem support too.
Unless and until Microsoft decides that interoperability isn't in their best interests.
(Score: 2) by RS3 on Thursday July 30 2020, @04:15AM (1 child)
Q: did the QNAP NAS format the drive NTFS, or was the drive already NTFS and QNAP used it as is?
(Score: 2) by PartTimeZombie on Thursday July 30 2020, @09:46PM
The QNAP NAS did it, I am pretty sure.
(Score: 0) by Anonymous Coward on Thursday July 30 2020, @04:51AM (1 child)
Synology uses LVM and mdadm to configure their disks. If you are just expecting a regular partitioned drive, that could throw you off, but I find it surprising JoeMerchant couldn't handle it.
(Score: 1, Interesting) by Anonymous Coward on Thursday July 30 2020, @05:32AM
Just realized he said QNAP and you said Synology. So I looked, and QNAP also uses MDADM and LVM, according to their website.