Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

QNAP Urges Users to Secure Devices Against Brute-Force Attacks

Network-attached storage appliance manufacturer QNAP Systems this week published an alert urging users to take the necessary steps to secure their devices against brute-force attacks.

Network-attached storage appliance manufacturer QNAP Systems this week published an alert urging users to take the necessary steps to secure their devices against brute-force attacks.

Recognized globally for its network-attached storage (NAS) and professional network video recorder (NVR) solutions, the Taiwan-based company has long advocated for improved device security in the face of various threats.

This week’s alert, the company underlines, has been published after a growing number of users reported that their devices have been targeted in brute-force attacks.

“QNAP urges its users to take immediate action to enhance the security of their devices. These actions include using strong passwords, changing the default access port number, and disabling the admin account,” the device manufacturer says.

QNAP also reveals that users have been complaining about adversaries attempting to log into QNAP devices by trying out a broad range of possible password combinations for the identified user accounts.

“If a simple, weak, or predictable password is used (such as ‘password’ or ‘12345’) hackers can easily gain access to the device, breaching security, privacy, and confidentiality,” QNAP says.

Additional steps that users can take to ensure that their devices are not targeted include keeping them away from public networks and ensuring that no default network ports are used for public services.

Furthermore, QNAP recommends that users set complex passwords for their accounts, that password policies are enabled, and that the admin account is disabled. These steps, the company says, can improve device security and mitigate brute-force attacks.

The device manufacturer also published an FAQ to provide users with additional information on how they can detect unauthorized login attempts on their devices, and on the steps they can take to prevent hackers from accessing the targeted device.

All users should remember that the use of weak passwords can render any device vulnerable to brute-force attacks, not only QNAP products. To prevent the use of common passwords, some tech companies have adopted policies that force users to choose stronger protections for their accounts.

Related: QNAP Warns NAS Users of ‘dovecat’ Malware Attacks

Related: Hackers Are Targeting a Three-Year Old Vulnerability in QNAP NAS Devices

Related: US, UK Warn of Malware Targeting QNAP NAS Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...