Traficom, the Finnish Transport and Communications Agency & National Cybersecurity Center, is reporting that new malware known as QSnatch is infecting Network Attached Storage (NAS) devices.
QSnatch Malware Infects Thousands of NAS Devices, Steals Credentials – by @serghei https://t.co/EHVyUluS2g
— BleepingComputer (@BleepinComputer) October 31, 2019
Although the mechanisms by which QSnatch spreads are unclear at this time, the fact that it steals usernames and passwords for all NAS users is very concerning. Any organization that has fallen victim to this infection must proactively begin to look for credential misuse. Bad actors who have stolen valid credentials will use them to try to gain access to other resources. As a best practice, network traffic analysis (NTA) should be implemented within the organization. NTA can baseline normal credential use and then, by applying security algorithms, identify when bad actors are trying to move laterally and gain a foothold on other resources.
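
The baselining idea above, as an added example (not from the original post or any NTA product): it learns each user's usual source hosts and source/destination pairs from a baseline window, then flags logins from a never-seen source and same-day fan-out to several new destinations. The record layout, host names, and fan-out threshold of 3 are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login records: (day, user, source_host, destination_host)
BASELINE = [
    (1, "alice", "ws-alice", "nas01"),
    (1, "alice", "ws-alice", "mail01"),
    (2, "bob", "ws-bob", "nas01"),
    (2, "alice", "ws-alice", "nas01"),
    (3, "bob", "ws-bob", "wiki01"),
]
OBSERVED = [
    (8, "alice", "ws-alice", "nas01"),   # matches alice's baseline
    (8, "bob", "nas01", "db01"),         # bob's credential used from the NAS
    (8, "bob", "nas01", "hr01"),
    (8, "bob", "nas01", "dc01"),
    (9, "alice", "ws-alice", "wiki01"),  # a single new destination only
]

def build_baseline(events):
    """Map each user to the source hosts and (source, destination) pairs seen."""
    profile = defaultdict(lambda: {"sources": set(), "pairs": set()})
    for _day, user, src, dst in events:
        profile[user]["sources"].add(src)
        profile[user]["pairs"].add((src, dst))
    return profile

def find_anomalies(profile, events, fanout_threshold=3):
    """Return (day, user, kind, detail) alerts for deviations from the baseline."""
    alerts = []
    new_dsts = defaultdict(set)  # (day, user) -> destinations not in baseline
    for day, user, src, dst in events:
        known = profile.get(user)  # .get() does not create a default entry
        if known is None:
            alerts.append((day, user, "unknown-user", dst))
            continue
        alert = (day, user, "new-source", src)
        if src not in known["sources"] and alert not in alerts:
            alerts.append(alert)
        if (src, dst) not in known["pairs"]:
            new_dsts[(day, user)].add(dst)
    for day, user in sorted(new_dsts):
        dsts = new_dsts[(day, user)]
        if len(dsts) >= fanout_threshold:  # many new targets in one day
            alerts.append((day, user, "fan-out", ",".join(sorted(dsts))))
    return alerts
```

Alice's single new destination stays below the fan-out threshold, while Bob's credential appearing from the NAS host and reaching three new servers in one day raises both alert kinds.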