Sophos researchers say they’ve uncovered a malware strain that targets Seagate’s network-attached storage appliances and turns them into distribution points for cryptocurrency-mining malware. IT security experts from Redscan, ESET and Lieberman Software commented below.
Robert Page, Lead Penetration Tester at Redscan:
“Mal/Miner-C is a type of malware that spreads by exploiting default login credentials, such as weak and frequently used passwords, to install malicious files.
The creators of this malware are not specifically targeting Seagate NAS devices but given that these devices are known to have poor default credentials, owners of these devices are particularly vulnerable to attack.
Default account credentials such as ‘Admin’ and Guest’ in embedded devices are common and as such, users should be careful to check for the existence of such accounts before deploying a device on their computer network. Users of Seagate devices in particular, should exercise caution by disabling remote access to their device from the internet and avoid clicking on any unknown or suspicious zip files such as Photo.scr and info.zip.”
Mark James, Security Specialist at ESET:
“Attackers are always on the lookout for new and opportunistic ways to target devices and technology, this is often driven by consumer use. The need for additional storage plagues everyone, cloud is always an option of course but users like the idea of keeping storage local with options to backup offsite. NAS drives are becoming more popular and affordable and sadly people will often fail to change default logins or passwords in an attempt to use its native “plug and play” attraction. This leads to a problem that may present itself for malware looking to sit and spread itself through public folders on these devices. Once the device presents itself to the web, malware is able to utilise default access logins to enable itself to infect as many devices as possible.
Users like to access their data from everywhere and a NAS drive could enable the average user to share their data to friends and family with little effort or cost. The problem the manufacturers have is making it as easy as possible to achieve this goal without causing too many setup headaches.
If you want to mitigate these attacks, the first task on your list should be to review and modify any default passwords, ensure the latest firmware and software has been installed and check your user permissions are as restrictive as you need them to be. If you are not going to offer public access for either usage or configuration then turn off public and or remote access.”
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“Bad guys aren’t targeting Seagate NAS devices. We need to think of cybercrime like advertising today. No one is surprised anymore when they see ads crammed into the oddest spaces because we know advertisers want us to see as many ads as possible. The bad guys want to cram in as much malware as possible and they’ll do it anywhere they find a vulnerability.
These Seagate NAS devices may not have been as secure as some others, but are we sure people were applying the firmware updates from the manufacturer that may have helped? Did they change the default password that came with the device? If they are like most people, then we know they didn’t because most people aren’t proactive about security – especially on the consumer level. There may be blame for the manufacturer, but we better be very careful of our glass walls as we hurl our poor security accusation rocks at others.”