Lens
Explorer
Sentry
Compass
On The Move
Lite
Agent
AI Engine
Cloud
About
Awards
Careers
Contacts
WEF MembershipThe Most Attacked Devices in Consumer Homes: Network Attached Storage (NAS) Security Review
As evidenced by our latest annual cybersecurity report, network-attached storage (NAS) devices attract an outsized number of attacks. An average NAS device is targeted hundreds of times more often than the average computer of smartphone.
Overall, NAS devices make up a very small proportion of devices: device intelligence data on 1.7 billion consumer devices shows that just 0.02% are NAS devices, which makes it even more astounding that network attached storage devices are targeted by over 10% of all threats.
No Such Thing as a Secure NAS?
Western Digital (WD) devices make up around half of all NAS devices in our data set and attract relatively few threats, but when we talk about overall threats to connected consumer devices, WD NAS devices are still targeted by a large number of attacks. Note: the two charts below show the top 25 brands by overall threats, which is why smaller NAS brands are not represented.
Now, if we look at network-attached storage devices, we’ll see that 97% of threats target just 5 device brands: Synology, QNAP, Seagate, Western Digital, and ASUSTOR.
The chart above does not take into account the number of devices in the data set, so we can look at the NAS device threat index to determine which brands of NAS are the relatively most, and least, secure.
Even though ASUSTOR NAS devices attract a small percentage of threats overall, its small device population makes it the most attacked NAS device brand. Western Digital devices have the lowest threat index among NAS device brands, making it the relatively safest of the most popular brands. Nevertheless, the overall brand threat index does show that Western Digital devices are still targeted a lot more often than the average connected device in a consumer’s home.
Why Aren’t NAS Devices More Secure?
There are a few reasons why NAS devices are targeted so often:
- NAS devices are often configured to make them more susceptible to attacks: they need to have ports opened for the owner to access data when away from home. With ports 8080 and 443 open, NAS devices are easily noticed by attackers.
- Users usually have to approve firmware upgrades, which adds significant delays to the patching process.
How CUJO AI Sentry Protects Every Device in the Home
CUJO AI Sentry is a machine-learning multi-layered cybersecurity solution that uses a combination of industry-leading threat intelligence and real-time analysis to block novel threats to all consumer devices on a protected network.
As most threats to IoT, including NAS, devices come from disreputable IP addresses, Sentry offers a few very efficient methods of protection. Our algorithms combine the highest quality threat intelligence sources with our real-life threat data from millions of Sentry deployments to block malicious attempts to remotely access NAS devices from disreputable IP addresses. Another protective layer prevents compromised NAS devices from participating in botnets or DDoS attacks.
On average, Sentry stops 8,112 threats every minute, 10.3% of which target network-attached storage devices. The largest network service providers partner with CUJO AI to provide their end-users (i.e., ISP customers) with robust AI-driven cybersecurity. Visit the ISP security hub for more data reports, articles, and useful insights.
NAS Brand Security
Asustor NAS Security
ASUSTOR NAS devices are the most attacked NAS devices, if we don’t count the discontinued Space Monkey devices. The brand has a relatively low number of active devices, which were targeted by DeadBolt ransomware last year. If you’re using ASUSTOR NAS devices, it’s a good idea to visit their product security advisory page and make sure you have the latest security updates installed on your devices.
Seagate NAS Security
Seagate has as sizeable NAS device population and, among the most popular brands is the most targeted device brand on average, according to our threat intelligence data. Quite a few famous hacks of this manufacturer’s devices has happened over the years, and we advise every Seagate NAS owner to check out their security advisory page to make sure they are using the latest patches.
QNAP NAS Security
QNAP NAS devices are also among the most attacked devices on average, with the latest critical security issue targeting a small number of devices reported as recently as February, 2023. For the latest security issues and patches, see QNAP’s security advisory page here.
Synology NAS Security
Synology devices are targeted by the most overall threats to NAS devices, but they have a larger population than most brands and are, on average, targeted more than four times less often than Asustor or Seagate devices. Nevertheless, a Synology NAS is still targeted over a hundred times more often than an average connected consumer device. As of writing this post, Synology has some unresolved issues, as well as several vulnerabilities fixed this year. For more, see Synology’s security advisory page.
Western Digital NAS Security
Western Digital (WD) is the least attacked NAS device brand on average. Nevertheless, WD has a sizeable device population overall, which is attacked quite often, as evidenced by the brand’s threat index: a WD NAS device is targeted by over 20 times more threats than an average connected device. Much like with any other NAS device brand, owners should follow their product security page to make sure they are on top of any severe vulnerabilities and security fixes.
More Data About Device Security – In the Report
Download the full consumer device cybersecurity report 2023 for more information about NAS and other device type security trends. To see a collection of articles and reports related to network service provider security, visit the ISP security hub.
