According to an article recently published by CSO online, a recent investigation has uncovered the efforts of a group of hackers who have been attacking web servers with "_network attached storage devices_" weakened by the Shellshock Bash vulnerability. The article indicates that these attacks have been launched against networks within educational institutions in the United States, Japan, and Korea.
According to the CSO report, this "publicly disclosed security weakness_" – embedded in the devices have and given "_default_" administrative privilege by their manufacturer QNAP – was exploited by thehackersand discovered by researchers atFireEye, experts in cybersecurity and malware protection. According to the investigator's findings, the article states that as soon as the server has been compromised and determines the administrative credentials, they obtain "_full control of the device."
One of FireEye's security researchers, Josh Gomez, was quoted in the article to say, "They (QNAP) acknowledged this particular vulnerability on their website." FireEye's threat researcher James Bennett stated that since the hackers knew the existence of the vulnerability, "theattackersscanned the devices forShellshockand downloaded malware using autostart script provided by the manufacturer." Bennett continued to say in the article, "The attackers did some research on these devices." The report noted that these attacks were the first that "FireEye has seen targeting NAS devices." Researchers confirmed the attraction to these devices is due to the "_amount of data stored in them._. "