A recent investigation has uncovered the efforts of a group of hackers who have been attacking web servers with “network attached storage devices” weakened by the Shellshock Bash vulnerability, according to an article recently published by CSO online. The article indicates that these attacks have been launched against networks within educational institutions in the United States, Japan and Korea.
According to the CSO report, this “publicly disclosed security weakness” – embedded in the devices have and given “default” administrative privilege by their manufacturer QNAP – was exploited by the hackers and discovered by researchers at FireEye, experts in cyber security and malware protection. The article states, according to the investigators findings, as soon as the server has been compromised and determine the administrative credentials, they obtain “full control of the device.”
One of FireEye‘s security researchers, Josh Gomez, was quoted in the article to say, “They (QNAP) acknowledged this particular vulnerability on their website.” FireEye‘s threat researcher James Bennett stated that since the hackers knew the existence of the vulnerability, “the attackers scanned the devices for Shellshock and downloaded malware using autostart script provided by the manufacturer.” Bennett continued to say in the article that, “The attackers did some research on these devices.” The report said that these attacks were the first that “FireEye has seen targeting NAS devices.” Researchers confirmed the attraction to these devices are due to the “amount of data stored in them.“