July 28, 2020
NCSC and CISA issue a joint alert on the malware QSnatch, targeting QNAP NAS devices
A joint alert has been issued by the U.K. National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) detailing potential legacy risks posed by malware called QSnatch to NAS devices manufactured by QNAP.
- QSnatch malware was first identified in 2014 and then in late 2019, impacting thousands of devices worldwide.
- Although the actual infrastructure used by the attackers is no longer active, all unpatched QNAP NAS devices remain vulnerable to the malware and must be updated with the latest security fixes.
- A successful attack on a device will impact its ability to run firmware updates, which can especially harm organizations. The attacker can steal log files and system configuration information, execute arbitrary code on the device, and gain remote access.
- Samples of QSnatch identified online include shell scripts (SH) and shell script compiler (SHC).
- The following risk-mitigating steps are recommended:
  - Make sure QNAP devices are purchased from reputable sources;
  - Run a full factory reset on a device before completing the firmware upgrade;
  - Block external connections when the device is to be used only for internal storage.