{"id":320280,"date":"2021-08-09T18:44:24","date_gmt":"2021-08-09T15:44:24","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/synology-nas-devices-under-attack-from-stealthworker-botnet\/"},"modified":"2021-08-09T18:44:24","modified_gmt":"2021-08-09T15:44:24","slug":"synology-nas-devices-under-attack-from-stealthworker-botnet","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/synology-nas-devices-under-attack-from-stealthworker-botnet\/","title":{"rendered":"#Synology NAS Devices Under Attack From StealthWorker Botnet"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2e1810e04c5\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2e1810e04c5\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/synology-nas-devices-under-attack-from-stealthworker-botnet\/#Whats_Happening_With_Synology_and_StealthWorker\" >What\u2019s Happening With Synology and\u00a0StealthWorker?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/synology-nas-devices-under-attack-from-stealthworker-botnet\/#How_Can_You_Stay_Safe\" >How Can You Stay Safe?<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#Synology NAS Devices Under Attack From StealthWorker Botnet&#8221;<\/strong><\/p>\n<div>\n<figure style=\"width: 1200px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-746877\" srcset=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/08\/synology-drive-close.png?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/08\/synology-drive-close.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/08\/synology-drive-close.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Close up of Synology drive\" width=\"1200\" height=\"675\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\">Lukmanazis\/Shutterstock.com<\/span><\/figcaption><\/figure>\n<p>Popular\u00a0NAS maker Synology has warned its users that the StealthWorker botnet is targeting the devices made by the company. The ongoing brute-force attack could ultimately lead to ransomware infections on certain systems.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Whats_Happening_With_Synology_and_StealthWorker\"><\/span>What\u2019s Happening With Synology and\u00a0StealthWorker?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>According to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.synology.com\/en-global\/company\/news\/article\/BruteForce\/Synology%C2%AE%20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet\">Synology\u2019s\u00a0Product Security Incident Response Team<\/a> and reported by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/synology-warns-of-malware-infecting-nas-devices-with-ransomware\/\">Bleeping Computer<\/a>, the company has seen an increase in brute-force attacks against Synology devices. It believes that the StealthWorker malware is primarily responsible for the recent attacks.<\/p>\n<p>Computers infected with\u00a0StealthWorker are connected to a botnet that will perform brute-force attacks.<\/p>\n<p>The company says that the attacks are based on\u00a0a number of devices infected with the StealthWorker malware. The StealthWorker malware is using these machines to try and guess common administrative credentials. If it succeeds, it will install its malicious payload, which could include ransomware.<\/p>\n<p>From there,\u00a0additional attacks could occur on other Linux-based devices, including Synology NAS products.<\/p>\n<p>Synology was quick to point out that it \u201chas seen no indication of the malware exploiting any software vulnerabilities.\u201d Meaning, there isn\u2019t a software hole left by the company that\u2019s being exploited, but rather, it\u2019s the existing infections causing the problems.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"How_Can_You_Stay_Safe\"><\/span>How Can You Stay Safe?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you use a Synology NAS device, staying safe from these attacks is relatively easy. The company recommends that all users check their system for weak administrative credentials and change them if necessary. This <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lies to both residential users and system administrators. Synology also recommends enabling\u00a0auto block and account protection. Finally, you should\u00a0set up multi-step authentication when possible.<\/p>\n<p>If you\u2019ve found any evidence of suspicious activity on your devices, you can reach out to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/account.synology.com\/support\">Synology support<\/a> for help.<\/p>\n<\/div>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/746871\/synology-nas-devices-under-attack-from-stealthworker-botnet\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Synology NAS Devices Under Attack From StealthWorker Botnet&#8221; Lukmanazis\/Shutterstock.com Popular\u00a0NAS maker Synology has warned its users that the StealthWorker botnet is targeting the devices made by the company. The ongoing brute-force attack could ultimately lead to ransomware infections on certain systems. What\u2019s Happening With Synology and\u00a0StealthWorker? According to Synology\u2019s\u00a0Product Security Incident Response Team and reported&#8230;<\/p>\n","protected":false},"author":1,"featured_media":320281,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/08\/synology-drive-close.png?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-320280","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/320280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=320280"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/320280\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/320281"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=320280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=320280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=320280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}