Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. Qihoo 360’s Network Security Research Lab (360 Netlab) found 4,297,426 potentially vulnerable QNAP NAS devices online using the company’s 360 Quake cyberspace mapping system. The threat actors exploit two pre-auth remote command execution (RCE) vulnerabilities in the Helpdesk app patched in October 2020.
Source: https://www.bleepingcomputer.com/news/security/unpatched-qnap-devices-are-being-hacked-to-mine-cryptocurrency/