Malware Infects 70% of Seagate Central NAS Drives, Earns $86,400 (softpedia.com)
An anonymous Slashdot reader writes: A new malware family has infected over 70% of all Seagate Central NAS devices connected to the Internet. The malware, named Miner-C or PhotoMiner, uses these hard-drives as an intermediary point to infect connected PCs and install software that mines for the Monero cryptocurrency... The crooks made over $86,000 from Monero mining so far.
The hard drives are easy to infect because Seagate does not allow users to delete or deactivate a certain "shared" folder when the device is exposed to the Internet. Over 5,000 Seagate Central NAS devices are currently infected.
Researchers estimate the malware is now responsible for 2.5% of all mining activity for the Monero cryptocurrency, according to the article. "The quandary is that Seagate Central owners have no way to protect their device. Turning off the remote access NAS feature can prevent the infection, but also means they lose the ability to access the device from a remote location, one of the reasons they purchased the hard drive in the first place."
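The summary describes the NAS's undeletable public share being used as a staging point for files that later infect connected PCs. Since the share itself cannot be disabled, a defender's fallback is to watch it. The following is an added example, not code from the article, Seagate, or the researchers: a small Python baseline-and-rescan monitor that hashes every file under a share directory, then reports files that are new or changed since the baseline and that look executable. The extension list and the header checks (MZ, ELF, shebang) are assumptions about what a dropped payload tends to look like, not details taken from the article; the sample share tree is constructed inside a temporary directory so the script runs offline.

```python
"""Baseline-and-rescan monitor for a NAS public share (added example).

Constructed demonstration: record a hash baseline of a share directory, then
on each rescan report files that are new or modified since the baseline and
whose name or leading bytes suggest executable content.
"""
import hashlib
import os
import tempfile

# Assumed list of extensions worth alerting on when they appear in a share
# that is meant to hold documents and media; not taken from the article.
RISKY_EXT = {".exe", ".scr", ".dll", ".bat", ".cmd", ".vbs",
             ".js", ".ps1", ".lnk", ".hta"}


def looks_executable(name: str, head: bytes) -> bool:
    """Return True if the file name or its first bytes suggest executable content."""
    ext = os.path.splitext(name)[1].lower()
    if ext in RISKY_EXT:
        return True
    if head.startswith(b"MZ"):          # Windows PE image
        return True
    if head.startswith(b"\x7fELF"):     # Linux/Unix ELF binary
        return True
    if head.startswith(b"#!"):          # script with an interpreter line
        return True
    return False


def snapshot(root: str) -> dict:
    """Map each file's share-relative path (forward slashes) to its SHA-256."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            result[rel] = h.hexdigest()
    return result


def find_suspicious(root: str, baseline: dict) -> list:
    """Return sorted paths of files new or changed since baseline that look executable."""
    findings = []
    for rel, digest in snapshot(root).items():
        if baseline.get(rel) == digest:
            continue                      # unchanged since baseline, skip
        with open(os.path.join(root, rel), "rb") as f:
            head = f.read(4)
        if looks_executable(rel, head):
            findings.append(rel)
    return sorted(findings)


def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo() -> list:
    """Build a constructed share, baseline it, simulate a later drop, and rescan."""
    with tempfile.TemporaryDirectory() as share:
        # Constructed baseline content: ordinary media the owner put there.
        _write(share, "photos/holiday.jpg", b"\xff\xd8\xff\xe0 constructed jpeg")
        baseline = snapshot(share)
        # Constructed files appearing after the baseline was taken.
        _write(share, "photos/constructed_dropper.scr", b"MZ constructed PE stub")
        _write(share, "notes.txt", b"plain text, should not be flagged")
        _write(share, "backup/tool", b"MZ\x90\x00 constructed PE, no extension")
        return find_suspicious(share, baseline)


if __name__ == "__main__":
    for path in demo():
        print("suspicious new/changed file:", path)
```

In practice the baseline would be stored on the host running the scan, not on the share itself, and the scan would run on a schedule against the mounted share; the point of hashing rather than comparing timestamps is that a file overwritten in place with different content still shows up.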
sed s/"IoT//g
Any device, be it IoT, a client, server, network device, or anything, has this problem. In my experience, security is perceived to have no ROI, so at best it gets lip service; at worst, it is obviously ignored. I have seen "encryption" where all zeroes were used as AES keys for all operations, 4096-bit keys that were really sixty-four, 64-bit RSA keys (really giving 70 bits of security), tons of added stuff, no OS firewalling, disinterest in any updates, locking down firmware where no updates can be performed (this is extremely routine, because it adds planned obsolescence, and companies have zero responsibility to provide them, even if there is a major, show-stopper bug.)
The best device on the Internet is no device. Next to that, it is having devices placed between hardened firewalls, only communicating to a few machines, real secure mechanisms for updates [1], and so on. Ideally devices should communicate to a hardened hub, and the hub handles everything else.
[1]: Back in the 1990s, RSA was not prevalent, so motherboard makers actually had to use real security. No motherboard flashing could be done until a physical switch was flipped. This may not be possible for all devices, but it should be considered part of the flashing process, to stop rogue firmware "upgrades."