A massive botnet attack that impacts routers, NAS, IoT devices, and more was recently discovered that may impact Synology devices. Learn how to protect your NAS.
🎯 Hire me:
✅ Cybersecurity Advisory:
✅ Protect your Synology NAS:
🚀 🚀 UNIFI ROUTERS THAT SUPPORT NETWORK SEGMENTATION🚀 🚀
⚡ *UniFi Express (best for beginners):
⚡ *UniFi Cloud Gateway Max (best all-in-one solution):
⚡ *UniFi Dream Machine Pro:
⚡ *UniFi Dream Machine SE:
⚡ *UniFi Dream Machine Pro Max:
* These are affiliate links which means that I earn a portion of each sale at no cost to you. Thank you for your support!
🚀 Tutorials, comparisons, reviews:
⚡Best Synology NAS Devices:
⚡Product Recommendations:
🔔 Subscribe for more tech-related tutorials and overviews:
DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.
WunderTech is a trade name of WunderTech, LLC.
0:00 Intro
0:52 My Synology MAY Have Been Compromised
2:33 How my Test NAS is Exposed to the Internet
3:34 How the Botnet Attacks Worked
5:03 Were you impacted?
6:09 Recommended Mitigations
7:21 Network Segmentation
9:32 Confirmed Devices Impacted
11:13 Two Synology Settings to Validate
13:04 Other Device Impact & Final Thoughts
#synology #nas
[ad_2]
source
Network engineer here. I am going to repeat what I have been saying for a long while.
DONT EXPOSE YOUR NAS DIRECTLY TO THE INTERNET.
This is a MASSIVE security issue in and of itself. Ask yourself this question. Is the data you store on your NAS important to you?
If yes don't expose your nas to the internet.
MFA will NOT protect you from a vulnerability in the NAS itself.
If you need access to your data setup a home VPN via wireguard or openvpn on a raspberry pi and access your network that way. Don't give attackers a pivot point to the rest of your home network.
Great content as always! Thank you, as you are even in you videos. Too many synology fanboys these days. Mike Faucher is good as well.
Good stuff thanks
Your current settings isn’t necessarily proof for that, for instance upnp, wasn’t active at an earlier point in time. If someone was logged in as admin they could have enabled and the disabled. No malware, but how about exfiltration?
The advice of don't expose NAs to internet = put your files on Google Drive or Microsoft One Drive (or similar service)! From my point of view, using a NAS implies to access my data from the internet, otherwise I would have get a big HD and connet it to my PC for the same results. Why pay for a NAS and not able to access my files when I'm out of my home/office? Instead NAS users should be instructed and NAS companies as Synology should build their systems based on this principle to expose safely as possible their NAS to the internet. Otherwise it would be like to have a car in my garage and avoid to drive because I might have an accident. Well learn to drive safely and get a good insurance or do not buy a car!
Tank you!
So when you say don't connect the Synology to the internet how far do you go with that statement? Are you talking don't enable quickconnect or are you saying directly connect to the internet through something like port forwarding? Turning quickconnect definitely adds a lot of flexibility when your out & about. You could essentially do the same thing different ways like for example using tailscale. You could take what your saying to extreme to by putting your synology into a vlan & not allowing internet (which becomes a pain because of updates). Can you explain?
Is there a way to test if my nas was attacked or has some kind of malware installed and running?
Is there also a way to diagnose attacks on my router too? (Sorry, i feel like I'm a noob in this area).
I did have dmz enabled for my xbox for a few months in the hope that i had a better and faster connection for multiplayer gaming (cod servers suck). I'm not sure if a way to examine attacks on my xbox though.
I have some packages installed from syno community, are they checked thoroughly by the community before being made available?
Some people build their smart home based on Zigbee devices (smart switches, plugs). They are not a part of the LAN, they have a separate dedicated network, so they cannot theoretically access Internet.
Love the Idea of using a virtual DSM as honeypot. I thought about this too, but unfortunately No second ISP available
Thanks for another great informative video! So, you now make me wonder. I have Synology Routers and NAS’s. I only use Synology packages. I do use Tailscale and update it manually since it takes Synology a while to make the update available. I do have a VLAN with Primary, Guest, and IoT networks along with Firewall rule setup between them. I have a separate computer I’m using as a Plex server and that is the only port I am forwarding. Given all this and what you shared am I in pretty good shape or at great risk? Oh, of course I disabled the Admin account completely.
This is exactly why you can only connect to my nas with tailscale.
At least they’re not blowing up
Since Tailscale I only connect to my devices over Tailscale tunnels when I'm outside the house. So I'm "local" to the device like my Cameras / NAS etc. through this secure encrypted tunnel. I also have a rule in my PfSense Firewall that only allows connection from the IP addresses in my Tailscale network. It works fantastic for accessing my stuff remotely without exposing the devices to the internet because they are only exposed to my own internal network and Tailscale tunnels. The are on their own separate VLans as well for extra protection and 1-way access rules allowing secure LAN's to access insecure LAN's but not the other way around. With TP-Link Kasa devices and others that allow local control as well as remote control, you can actually trigger all your smart-home devices using LAN only and block them completely from the internet. Then connect to your Tailscale tunnel from your phone outside the house, and then you can control your Thermostat or Smart Plugs as though you were home without ever exposing these devices to the actual internet other than for the initial setup.
I have 6 security cameras around my home. Rather than segmenting my network, I have created a filter on my Synology router to restrict those cameras so that they can only access the NAS to which they send the captured event JPG's and MP4's and zero internet access. Do you think that is sufficient ?
DUH.
I checked my logs and saw my username accessed shared folders via smb3 through my laptop with my lan ip. I was asleep at these times. My firewall is set to block all IPs that aren’t on my LAN. Router UPNP was on without my knowledge. Does this sound like suspicious activity or is this routine connections for smb3?
What about Plex??
I thought security cameras were placed on a network that doesn't access the Internet. Use a second port on the Synology to join the security caamera network to get the video feed. Then the Synology has access to the Internet. That way you still have surveillance, but the cameras are not exposed to the Internet.
Does setting NexDNS on the router as the dns server help block this traffic if you use all their network protection lists?