If you have a network hard drive (NAS) from D-Link, it might be time to check if your data is safe. A flaw allows certain models to be used in a botnet army.
Knowing that the data stored on your NAS is accessible via three small clicks to any hacker on the Internet is not reassuring. However, this is indeed the case for 92,000 device models once sold by the manufacturer D-Link. Best known for its routers and other accessories, the Taiwanese company currently finds itself in the middle of an embarrassing controversy due to a bug present in some of its devices.
Mirai strikes again
The 320L, 325, 327L and 340L models are indeed vulnerable to a simple “flaw” which allows you to identify yourself on a device connected to the internet and gain administrator privileges to then make it execute any command remotely. It is in fact possible to easily identify yourself on the connection portal of these models with a user account written “hard” in the code and without a password. Then, by manipulating a very specific settings file, it is possible to gain full access to the NAS and transform it into a zombie machine in a botnet network.
This is actually exactly what is happening at this very moment, since based on findings from GreyNoise security experts, nearly 100,000 devices are currently infected with Mirai malware, which allows denial of service (DDOS) attacks to be launched on any site. All without the legitimate user having the slightest idea of what is happening within their system.
More supported machines
To make matters worse, most of these NAS are at least 10 years old, they are no longer supported by D-Link and no longer receive security updates. This means that if your machine is already corrupted, the best way to protect it and take it offline as quickly as possible to avoid any problems.
If you have one of the NAS listed and you want to continue using it, at least make sure that it is not accessible from the web to avoid any unpleasant surprises.
Source : Bleeping Computer
3