Synology, a well-known manufacturer of Network Attached Storage (NAS) devices, is warning customers that malicious parties have recently been carrying out an increasing number of brute-force attacks against Synology network equipment. Researchers state that the attackers use a botnet called StealthWorker for this. There is no indication that the attackers are exploiting vulnerabilities in the software.
Hackers and cybercriminals try a variety of ways to penetrate corporate networks, computer systems and servers. A commonly used method is the brute-force attack. In such an attack, the attackers use specially developed software to try an unlimited number of username and password combinations until there is a match. The perpetrators often obtain this data from previous data breaches at companies and organizations, or buy it on the dark web.
Malicious parties have increasingly been trying to crack Synology NAS equipment lately. By continuously firing usernames and passwords at the devices, they try to gain access to the Taiwanese manufacturer’s storage devices. Once inside, the perpetrators install the StealthWorker malware. Infected devices are added to the botnet and can participate in attacks against other Linux-based devices, such as the NAS products sold by Synology.
Synology says it is working with Computer Emergency Response Teams (CERT) to take down the infrastructure behind the StealthWorker malware. At the same time, the company is approaching customers who may have been affected by this malware. Synology advises system administrators to scan their systems for weak passwords, enable auto block and account protection, and, if possible, set up two-step verification (MFA). System administrators who have detected suspicious activity on their devices are advised to contact Synology Technical Support.
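The idea behind the auto block and account protection advice, as an added sketch (not Synology's code and not part of the original article): counting failed logins per source IP catches a single noisy attacker, while counting per account also catches a botnet that spreads its guesses over many addresses. The log format, thresholds and the `evaluate` function are assumptions made for this illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.5 admin FAIL
2024-01-01T10:00:20 203.0.113.5 admin FAIL
2024-01-01T10:00:41 203.0.113.5 admin FAIL
2024-01-01T10:01:00 203.0.113.5 admin FAIL
2024-01-01T10:02:00 198.51.100.1 backup FAIL
2024-01-01T10:02:30 198.51.100.2 backup FAIL
2024-01-01T10:03:10 198.51.100.3 backup FAIL
2024-01-01T10:03:50 198.51.100.4 backup FAIL
2024-01-01T10:04:00 192.0.2.10 alice FAIL
2024-01-01T10:04:20 192.0.2.10 alice OK
2024-01-01T10:05:00 192.0.2.77 bob FAIL
2024-01-01T10:15:00 192.0.2.77 bob FAIL
2024-01-01T10:25:00 192.0.2.77 bob FAIL
"""

def evaluate(log_text, ip_limit=3, acct_limit=4, window_min=5):
    """Return (blocked_ips, protected_accounts) using sliding-window counters."""
    window = timedelta(minutes=window_min)
    by_ip, by_acct = defaultdict(deque), defaultdict(deque)
    blocked_ips, protected = set(), set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, result = line.split()
        # Traffic from an already blocked IP is dropped; successes are not counted.
        if ip in blocked_ips or result != "FAIL":
            continue
        now = datetime.fromisoformat(ts)
        for key, table, limit, flagged in (
            (ip, by_ip, ip_limit, blocked_ips),        # auto block: per source IP
            (account, by_acct, acct_limit, protected), # account protection: per account
        ):
            q = table[key]
            q.append(now)
            while now - q[0] > window:  # forget failures older than the window
                q.popleft()
            if len(q) >= limit:
                flagged.add(key)
    return blocked_ips, protected

if __name__ == "__main__":
    print(evaluate(SAMPLE_LOG))
```

In the sample, the four addresses guessing at `backup` never reach the per-IP limit, so only the per-account counter flags them; the slow attempts against `bob` fall outside the window and trip neither counter.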
A botnet is a network of infected computers. These infected computers are also known as zombies. Computer owners often don’t even realize that their hardware is part of a botnet. The person who controls the computers in the network is called a botmaster. The botmaster can use the botnet to perform a Distributed Denial of Service (DDoS) attack, which shuts down servers and websites by bombarding them with huge amounts of connection requests.
In addition to a DDoS attack, a botnet can also be used to flood internet users with spam messages. The perpetrators use so-called Command & Control servers (C&C servers) for this. These servers are the nerve centre or headquarters from which hackers receive stolen data and send spam. With spam messages, scammers try to obtain as much personal information as possible from unsuspecting victims. This form of cybercrime is also known as phishing.
Botnets are not only dangerous for companies and institutions, but also for citizens. That is why people are working with all their might to take botnet servers off the air. And with success. According to Spamhaus, the number of C&C servers worldwide fell nearly 20 per cent in the second quarter from 1,660 to 1,329. In our country, the number of botnet servers fell by 19 per cent from 207 to 168.
In January, the Dutch police took part in an international campaign to take the Emotet botnet offline. Two of the botnet’s three main servers were located in our country and were taken over by the police. Agents then placed an update on the servers that rendered the malware harmless. In addition, the police created the Emotet checker: a tool where victims could see if their email address was in the attackers’ database. In total, there were more than 600,000 victims on the servers.