QNAP warns customers of ongoing attacks targeting network-attached storage devices. Threat actors use automated tools to login into Internet-exposed NAS devices using passwords generated on the spot or from lists of previously compromised credentials. The company advises customers to secure their NAS devices by changing the default access port number, using strong passwords for their accounts, enabling password policies, and disabling the admin account targeted in these ongoing attacks. NAS devices are an attractive target since they are usually used to backup and share sensitive files.
Source: https://www.bleepingcomputer.com/news/security/qnap-warns-of-ongoing-brute-force-attacks-against-nas-devices/