Privacy Ninja



Synology warns of malware infecting NAS devices with ransomware

Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks that lead to ransomware infections.

According to Synology’s PSIRT (Product Security Incident Response Team), Synology NAS devices compromised in these attacks are later used in further attempts to breach more Linux systems.

“These attacks leverage a number of already infected devices to try and guess common administrative credentials, and if successful, will access the system to install its malicious payload, which may include ransomware,” Synology said in a security advisory.

“Devices infected may carry out additional attacks on other Linux based devices, including Synology NAS.”

The company is coordinating with multiple CERT organizations worldwide to take down the botnet’s infrastructure by shutting down all detected command-and-control (C2) servers.

Synology is working on notifying all potentially impacted customers of these ongoing attacks targeting their NAS devices.

How to defend against these attacks

The NAS maker urges all system admins and customers to change weak administrative credentials on their systems, to enable account protection and auto block, and to set up multi-factor authentication where possible.

Synology rarely issues security advisories warning of active attacks against its customers. The last alert regarding ransomware infections following successful large-scale brute-force attacks was published in July 2019.

The company advised users to go through the following checklist to defend their NAS devices against attacks:

  • Use a complex and strong password, and apply password strength rules to all users.
  • Create a new account in the administrator group and disable the system default “admin” account.
  • Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
  • Run Security Advisor to make sure there is no weak password in the system.

“To ensure the security of your Synology NAS, we strongly recommend you enable Firewall in Control Panel and only allow public ports for services when necessary, and enable 2-step verification to prevent unauthorized login attempts,” the company added.

“You may also want to enable Snapshot to keep your NAS immune to encryption-based ransomware.”

Synology provides more information on defending your NAS device against ransomware infections here.
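The Auto Block item in the checklist above, sketched as an added example (not code from Synology or from the original article), and extended with a per-account check because the advisory says the guesses come from a number of already infected devices. The log format, thresholds and function name are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (NOT a real DSM format): time, result, user, source IP.
SAMPLE_LOG = """\
2021-08-04T10:00:01 FAIL admin 203.0.113.10
2021-08-04T10:00:09 FAIL admin 203.0.113.10
2021-08-04T10:00:17 FAIL admin 203.0.113.10
2021-08-04T10:00:25 FAIL admin 203.0.113.10
2021-08-04T10:00:33 FAIL admin 203.0.113.10
2021-08-04T10:01:02 FAIL alice 192.0.2.5
2021-08-04T10:01:20 OK alice 192.0.2.5
2021-08-04T10:02:00 FAIL backup 198.51.100.21
2021-08-04T10:02:40 FAIL backup 198.51.100.22
2021-08-04T10:03:10 FAIL backup 198.51.100.23
"""

def analyse(log_text, max_fails=5, window_min=5, max_sources=3):
    """Return (blocked_ips, sprayed_accounts).

    blocked_ips: sources with >= max_fails failed logins inside the sliding
    window, which is the per-IP rule an auto-block feature applies.
    sprayed_accounts: accounts with failures from >= max_sources distinct IPs
    in the window, a pattern per-IP blocking misses when guesses are spread
    across many hosts. Thresholds are assumed values, not vendor defaults."""
    window = timedelta(minutes=window_min)
    per_ip, per_user = defaultdict(deque), defaultdict(deque)
    blocked, sprayed = set(), set()
    for line in filter(str.strip, log_text.splitlines()):
        stamp, result, user, ip = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(stamp)
        fails = per_ip[ip]
        fails.append(ts)
        while ts - fails[0] > window:      # drop failures older than the window
            fails.popleft()
        if len(fails) >= max_fails:
            blocked.add(ip)
        hits = per_user[user]
        hits.append((ts, ip))
        while ts - hits[0][0] > window:
            hits.popleft()
        if len({src for _, src in hits}) >= max_sources:
            sprayed.add(user)
    return blocked, sprayed

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

In the constructed sample, the three sources guessing at `backup` each stay under the per-IP threshold, so only the per-account check surfaces them.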

Brute-force malware targeting Windows and Linux machines

While Synology did not share more information regarding the malware used in this campaign, the shared details line up with a Golang-based brute forcer discovered by Malwarebytes at the end of February 2019 and dubbed StealthWorker.

Two years ago, StealthWorker was used to compromise e-commerce websites by exploiting Magento, phpMyAdmin, and cPanel vulnerabilities to deploy skimmers designed to exfiltrate payment and personal information.

However, as Malwarebytes noted at the time, the malware also has brute force capabilities that enable it to log into Internet-exposed devices using passwords generated on the spot or from lists of previously compromised credentials.

Starting with March 2019, StealthWorker operators switched to a brute force-only approach scanning the Internet for vulnerable hosts with weak or default credentials.

Once deployed on a compromised machine, the malware creates scheduled tasks on both Windows and Linux to gain persistence and, as Synology warned, deploys second-stage malware payloads, including ransomware.

While the NAS maker didn’t issue a security advisory, customers reported in January that they had their devices infected with Dovecat Bitcoin cryptojacking malware starting with November 2020, in a campaign that also targeted QNAP NAS devices.

A Synology spokesperson was not available for comment when contacted by BleepingComputer earlier today for additional details regarding these attacks.
