The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) today issued an alert about the risks of infection faced by QNAP NAS devices if QSnatch malware attacks restart.
Although the attack infrastructure used in previous QSnatch attacks (from early 2014 to mid-2017 and from late 2018 to late 2019) is currently not active, the two agencies urge all QNAP customers to update their NAS devices as soon as possible to block future campaigns.
"All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the two agencies explain (1, 2).
"Organizations that are still running a vulnerable version must run a full factory reset on the device prior to completing the firmware upgrade to ensure the device is not left vulnerable," the joint alert warns.
The two agencies have found roughly 62,000 infected devices worldwide in mid-June 2020, of which about 7,600 were found in the United States and 3,900 in the United Kingdom.