Synology® And Twcert/Cc Jointly Announce Their Collaboration With International Cybersecurity Organizations

date

19-Aug-2019

Synology® and the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) jointly announced the recent ransomware attack, where the attacker obtained admin credentials by brute force and encrypted the data on various brands of NAS (Network Attached Storage), was under control after they took down the C&C server on July 22, thanks to the collaboration with international cybersecurity organizations. Synology and the TWCERT/CC urge all NAS users to reinforce system security settings to keep their data safe.

“Synology has always made protecting user data our first priority,” said Ken Lee, Manager of Security Incident Response Team at Synology Inc. “As a long-term active participant in the international cybersecurity community, Synology was able to promptly collaborate with international cybersecurity organizations when the attack launched, preventing it from turning into an outbreak.”

Synology began to receive user reports since July 19 indicating that the data on their NAS was encrypted by ransomware. The investigation report showed that the attacks weren’t based on DSM system vulnerabilities. Instead, they targeted those using weak passwords of the system default admin accounts. After the attacker gained admin access, they encrypted the files and asked for ransom. On July 22, there were dozens of affected Synology users reporting this attack to the Global Technical Support Department, and Synology estimated that over ten thousand different brands of NAS around the world may be exposed to risks and can be potential targets in this attack. On the same day, Synology traced and connected to the attacker’s C&C server, notifying the TWCERT/CC at the same time to initiate international collaboration. On July 26, with the information provided and forwarded by Synology and TWCRET/CC respectively, CFCS-DK identified the source of the attack and removed the C&C server.

“TWCERT/CC reacted promptly, obtained incident reports to initiate the international collaboration, and controlled the situation at an early stage, all thanks to our long-term partnership,” said Joy Chan, the director of the TWCERT/CC. “We look forward to seeing more brands follow in Synology’s footsteps to set up product safety teams and actively interact with cybersecurity organizations.”

Even though this matter is already under control, Synology suggested that all NAS users regardless of the brands strengthen data security by taking the following measures:
• Enable firewall and only connect to the Internet when necessary.
• Set up 2-step verification to prevent unauthorized login attempts.
• Disable the system default "admin" account.
• Use a strong password, and apply password strength rules to all users.
• Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
• Run Synology Security Advisor to make sure there is no weak password in the system.
• Perform multi-version backup using Synology Hyper Backup, backing up the data on your NAS to multiple destinations such as on-premises storage, remote folders, and public cloud.

Event timeline
7/19
• Synology received user reports saying that the data on their NAS was encrypted by ransomware.
• The report investigation ruled out possibilities that the attacks resulted from DSM system vulnerabilities; instead, the attacks were launched using brute force.

7/22
• Dozens of affected Synology users reported this attack to the Global Technical Support Department.
• Investigated and estimated that over ten thousand different brands of NAS around the world may be exposed to risks and can be potential targets in this attack.
• Synology traced and connected to the attacker’s C&C server.
• Synology notified the TWCERT/CC to request an international collaboration.

7/26
• The TWCERT/CC reported and collaborated with the CFCS-DK in Denmark, and took down the attacker’s C&C server according to the IP address.
• Follow-up observation showed that the number of attacked users is slowing down.
 

Latest Press Releases

Interested people can participate in the challenge through DSC's Dubai Cycling app

..

11-Apr-2020

A gesture of appreciation to healthcare workers at the forefront

..

10-Apr-2020

Dubai to play its important role in supporting global aviation recovery

..

13-Apr-2020

Dr Farida Al Hosani called on the nation’s youth to volunteer

..

16-Apr-2020

UAE and KSA markets report increase in online orders

..

16-Apr-2020

Further development of the education sector a priority

..

09-Apr-2020


Most Viewed Recent Press Releases

Further development of the education sector a priority

[1347 views]

A gesture of appreciation to healthcare workers at the forefront

[1197 views]

Interested people can participate in the challenge through DSC's Dubai Cycling app

[1122 views]

Measure ensures safety of more than 77,000 people living in DSO

[1071 views]

Services to support residents in need of healthcare

[1056 views]


Related Links_


Google ADS

Other Info_

..

Health Care

Multi Specialty medical facilities, government hospitals & private clinics

..

Education

Nurseries, Kindergardens, Schools, Colleges, Universities & Higher Education

..

Popular Restaurants

Dining in Dubai - selection of restaurants where you can relax & enjoy a variety of cuisines of choice

Jobs at Dubai_

Find latest Dubai Jobs & Vacancies from placement agencies, employers & recruitment consultants in Dubai, Abu Dhabi & other Emirates in UAE.

Dubai Tours & Packages_

Book quality Dubai tours, best Dubai holiday packages with visas & Dubai hotel booking with special offers & discounts

Warnning

Unsupported Browser

This website includes CSS elements that your browser does not support. Please upgrade your browser to a current version, then come back and try again.

Upgrade your Browser for more experience

Chrome Firefox Safari Edge