ZDNet reports that network-attached storage devices built by Taiwanese hardware firm QNAP are being subjected to a wave of attacks that use a cryptocurrency mining malware known as UnityMiner. The attack was first reported on March 2 by researchers at 360Netlab, who pointed to two vulnerabilities identified as CVE-2020-2506 and CVE-2020-2507. QNAP said the flaws comprise a command injection vulnerability and improper access control, which threat actors can capitalize on to initiate remote code execution and take over the NAS devices. The UnityMiner malware reportedly uses a version of the open source XMRig Monero miner malware and is capable of hiding its activities on a compromised device by altering reported CPU memory use. The miner is currently compatible with ARM64 and AMD64 CPUs and uses half of available cores for mining. 360Netlab researchers claim that “hundreds of thousands” of NAS devices created by QNAP remain unpatched and online, and a recent online mapping scan revealed more than 4 million QNAP NAS devices that are potentially vulnerable to attacks.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
SecurityWeek reports that SAP systems have been subjected to a 400% increase in ransomware attacks during the last three years, while hacker forum conversations regarding SAP vulnerabilities and SAP-specific cloud and web services rose by 490% and 220%, respectively, over the same period.