The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cybersecurity Centre (NCSC) have issued an alert regarding the QSnatch malware that affects QNAP NAS devices, urging all device owners to apply the latest security patch from the device manufacturer. A network-attached-storage (NAS) device is a device that is connected to a network, residential or commercial, that provides a centralized data storage location for network users. QSnatch is a malware targeting a vulnerability in unpatched devices that was most active between early 2014 to late 2019, but has seen a resurgence as of late. There are still around 62,000 unpatched QNAP devices that are vulnerable to attack and are accessible over the Internet. QSnatch has the capabilities to steal user credentials, install a web shell to provide remote access, inject malicious code retrieved from its Command and Control (C2) server, steal files and install a fake device admin login page to phish for credentials. Once a device is infected, QSnatch will block all incoming software updates to prevent any malware removers from running.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security