OneCD wrote: ↑Fri Jan 28, 2022 3:51 am
dolbyman wrote: ↑Fri Jan 28, 2022 3:45 am
.. anyone ever heard of successful lawsuits/arbitration ?
Nope, but I've also never heard of a group bringing a suit against a company in these circumstances. Then again, I'm not a lawyer so that could be why I've never heard of one.
there is no legal basis, simply. It doesn't matter if they demand 10 or 10,000. Every system is vulnerable, it is practically impossible to hold responsible or sue a company because its software has security flaws. In the history of the Internet we have seen infinitely more sophisticated attacks and affecting a huge number including multinationals, governments... unless it could be shown that the company created a backdoor with malicious arts, there would be no case at all. If a company could be sued because programmers are human and it is totally impossible to create perfect software, programmers would not exist.
Regardless of all the affected users (which I understand is a big problem for them), this happens 24/7. Any device exposed to the Internet will be constantly bombarded with all kinds of "noise" produced by careless users, botnets, hackers, security experts... The vast majority of said noise is harmless, even malicious traffic is usually old and ineffective today in most cases. But as is natural when a "juicy" xploit appears, things get complicated and there is real danger. Almost all of these attacks are completely indiscriminate, they do not look for specific targets, they simply analyze the Internet in search of specific ports used by the service they want to attack, most of the time they do not even "search", they simply try.
This is the reason why exposing any application/service to the Internet on its default ports is the greatest recklessness that a home user can commit, be it a NAS, a Web Server/VPN/Telnet/SSH/FTP..., it is like putting a luminous sign on the door of the house so that the noise of the Internet reaches. upnp greatly enhances this, since if the listening ports are not correctly changed and all the services that are not really used are disabled, it can expose a large number of services to the Internet, and the more services exposed, potentially more services / applications vulnerable can be reached.
millercentral wrote: ↑Fri Jan 28, 2022 3:28 am
While pulling the NAS offline is the best defense, I wonder based on what has been learned if there would be value/peace of mind if a shell script expert could create a script that could monitor for the random file being added to /MNT/HDA_ROOT and immediately kill it/delete it if discovered?
It is not complex at all to create a small script to completely stop the attack, even to cut off communication with the attackers as soon as it is detected, without even allowing them to download or execute code on our NAS. The problem is that in order to solve all this, it is necessary to be able to "infect" yourself with the malware in a controlled environment, and in this way know what the attack vector is, affected services, networks from which the attacks are being carried out. .. until a real infection is caught and can be studied, everything else counts for little. At this point, a quick and simple solution could be launched to be protected while the bug involved is resolved by QNAP
