Network-attached storage appliance manufacturer QNAP Systems this week published an alert urging users to take the necessary steps to secure their devices against brute-force attacks.
Recognized globally for its network-attached storage (NAS) and professional network video recorder (NVR) solutions, the Taiwan-based company has long advocated for improved device security in the face of various threats.
This week’s alert, the company underlines, has been published after a growing number of users reported that their devices have been targeted in brute-force attacks.
“QNAP urges its users to take immediate action to enhance the security of their devices. These actions include using strong passwords, changing the default access port number, and disabling the admin account,” the device manufacturer says.
QNAP also reveals that users have been complaining about adversaries attempting to log into QNAP devices by trying out a broad range of possible password combinations for the identified user accounts.
“If a simple, weak, or predictable password is used (such as ‘password’ or ‘12345’) hackers can easily gain access to the device, breaching security, privacy, and confidentiality,” QNAP says.
Additional steps that users can take to ensure that their devices are not targeted include keeping them away from public networks and ensuring that no default network ports are used for public services.
Furthermore, QNAP recommends that users set complex passwords for their accounts, that password policies are enabled, and that the admin account is disabled. These steps, the company says, can improve device security and mitigate brute-force attacks.
The device manufacturer also published an FAQ to provide users with additional information on how they can detect unauthorized login attempts on their devices, and on the steps they can take to prevent hackers from accessing the targeted device.
All users should remember that the use of weak passwords can render any device vulnerable to brute-force attacks, not only QNAP products. To prevent the use of common passwords, some tech companies have adopted policies that force users to choose stronger protections for their accounts.