QNAP warned users this week of attacks targeting QNAP NAS (network-attached storage) computers with a “dovecat” piece of malware.
The supplier of networking and storage solutions says it received complaints from users who were infected with the malware on their computers and, after investigating the attacks, found that the root cause of the infection was the use of poor passwords on Internet-connected devices.
QNAP states that the cybercriminals behind dovecat mount Bitcoin miners, without user permission, on the infected NAS computers.
The organisation found out in a November 2020 knowledge base article that consumers of any NAS model series will find possible compromises by searching for a dovecat mechanism running on their computers.
At the time, the company also advised users to disclose all detected infections and to ensure that the new NAS firmware and Malware Remover versions are running.
The organisation also advised users this week to upgrade the QTS operating system to the latest version, instal and execute Security Advisor with Intermediate Security Policy (or higher), instal a firewall, and allow Network Access Control so that accounts are secured from attacks by brute force.
In addition, users can ensure that clear administrator keys are set on their computers and that, along with all other unused utilities and applications, all SSH and Telnet services that are not in operation are disabled.
QNAP also advises users that default port numbers (such as 80, 443, 8080, and 8081) can be avoided and enables them to increase the protection of their NAS devices by adopting best practises that have already been detailed by the organisation.
These activities will further boost the security of the NAS and make it more difficult for dovecat to access the QNAP NAS,” the company says, adding that it focuses on developing a solution that will help users remove from the infected devices the dovecat malware.”
