QNAP extends support for older NAS devices amid surge in attacks

Only high-severity NAS security flaws are addressed

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

QNAP has decided to extend support for some of its network-attached storage(NAS) devicesthat had reached end of life (EOL), but the additional support does come with a caveat.

Businesses sporting unsupported devices will get until October this year to upgrade, but even with extended support, only certain risks will be mitigated.

“EOL models may lack computational capabilities, be short on operational memory, be unable to receive up-to-date component drivers, or possess other technical constraints or deprecated technology,“BleepingComputercited the Taiwanese NAS maker as saying.

Addressing high severity vulnerabilities only

“Due to these reasons, QNAP normally maintains security updates for four years after a product passes its EOL date. As a special effort to help users protect their devices from today’s security threats, QNAP has extended security updates for some EOL models till October 2022.”

These updates, however, will only address high-severity and critical vulnerabilities, meaning some relatively dangerous flaws might still make it through withmalware.

In the same announcement, the company warned customers not to expose EOL NAS devices to the internet, as they might easily be targeted by malicious actors already acquainted with certain unpatched vulnerabilities.

QNAP says it is working on patches for OpenSSL bugs impacting its NAS devices>QNAP NAS devices left encrypted by Deadbolt ransomware>QNAP NAS devices hit with surge of ransomware attacks

Owners of EOL NAS devices should do these two things to defend from attacks, QNAP suggested:

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Disable the Port Forwarding function of the router (in the router’s management interface, check the Virtual Server, NAT, Port Forwarding settings, and disable the port forwarding settings for port 8080 and 433); Disable the UPnP function of the QNAP NAS (on the QTS menu, navigate to myQNAPcloud > Auto Router Configuration, and unselect “Enable UPnP Port forwarding.”

In late December last year, some QNAP NAS device owners were targeted by the eCh0raixransomware. The threat actors were allowed to create a user in the administrator group, after which they managed to encrypt all the files on the NAS system. A free decryptor is available online, but only for older versions of the ransomware.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Your next smartwatch could be battery-free – and powered by your skin