Constant Attacks on My Cloud since mid-May

The minute I was able to get into my account for My Cloud following the hack, I changed my password, and all of my information. Sadly, I’ve seen nothing about when we were contacted about who had data stolen. I haven’t gotten anything, and considering that today alone I had 11 attempts to gain access to my NAS, I am pretty certain that mine was. They’re from all over the world, so clearly whoever is doing it is using a VPN and isn’t a moron. Either way, I want my product replaced at this point. Is anyone else having these kinds of issues? I have always maintained a high level of security and I’d never imagined that my little personal cloud is where this would begin. Until this situation, I’d been quite happy with the service, but the lack of transparency during this most recent debacle has been an eye opener to say the least. Please, let me know if you’ve experienced similar issues.

What specific My Cloud model are you using and what firmware version is it running?

To provide context for others, how are you determining your My Cloud is under “constant attack” and that you have “11 attempts to gain access” to the My Cloud that day?
What options or features do you have enabled on the My Cloud in addition to the Cloud Access feature (SSH, FTP, Remote My Cloud Dashboard access, etc.)?
Have you enabled port forwarding within your local network router and if so which ports are being forwarded, particularly to the My Cloud?

One can always disable the Cloud Access feature of their My Cloud if they are concerned about potential remote access hacking. One can instead use their own methods of VPN by setting up a VPN Server on their local network (or on their router) to access their local network My Cloud from a remote location. One can remove or limit Cloud Access to users on one’s My Cloud via the My Cloud Dashboard.

As always, a layered defense is the best at preventing access to the local network devices. Use strong passwords. Do not have unsecured WiFi. Use Guest Networks, with client/local network isolation, with strong passwords to segment IoT devices. Do not allow unknown or untrusted persons any sort of access to your local network or WiFi. Run antivirus/malware scanning programs on all devices possible, including a NAS like the My Cloud.

Understand that all networks are subject to numerous port scanning and intrusion attempts daily. A good, properly secured, router/gateway is the first line of defense.

But at the end of the day, the moment you open up any local network device to remote access (or open up port forwarding) there exists the possibility, however remote, that an unauthorized person may gain access.

Unless you specifically need your data accessible from outside your network... exposing your NAS to the internet is a bad idea.

  • Turning off cloud services is a start, and eliminates a number of threats (i.e. hacking through WD Servers, for example).

  • Blocking internet access from your router eliminates more vectors (i.e. scanning IP addresses randomly; exploiting OS/5 backdoors).

  • Turning off your NAS when you really don’t need it eliminates MOST threats. (You are still open to malware and viruses propagated through your home network.)

The point here is

  • One needs to understand how the network is functioning. If you don’t understand how stuff works; either learn how to use it or don’t use it.

  • Cloud services (like WD Servers) are acting primarily in their interests, not yours. WD is interested in your security right up to the point where it becomes unprofitable.

  • It is much harder to hack something if it isn’t actually running.

For sake of this discussion - - > I have two NAS devices.

  • Backup drive and critical file storage: Runs a few hours per week; on an independent (Not internet connected) network. When not in use. . . sits safe and sound and off.
  • Media server - cheap and dirty; just has common media files on it. No personal data (beyond playlists). If it gets hacked; meh. Wipe it and restore from backup. Something fries it? Meh. Media is on cheap non-redundant hardware. Replace with new; restore data from backup.

I used to use “File server” functionality (i.e. working files on NAS; accessed from multiple computers within the home). I did this with cloud services turned off, and the NAS blocked from the internet at the router. (This means your router is not letting any internet traffic to or from your NAS.) Nice functionality if you need it.

I’m using the most recent updates for MyCloud for software. I am getting messages from the security suite provided by my ISP (Cox) like this:

MyCloud-00A7LJ
9 IP Reputation Attacks
Past 7 Days

Source IP: 167.94.145.64
02/26, 9:25pm
We’ve blocked a known malicious IP from United States from accessing this device.

Source IP: 167.94.145.55
02/26, 9:25pm
We’ve blocked a known malicious IP from United States from accessing this device.

It’s been disco’d until this week.

Still no information about the specific WD OS and model.

Is this OS 5?

Description

Network Router and ISP sending connection attempt alerts to a network attached storage device.

Some WD network storage products are designed to allow you to access your files, photos, and videos remotely. To support this feature, network technologies such as UPnP or NAT-PMP are used to allow you to have authenticated access to this data, or to share content with others.

Because these technologies configure your router to allow incoming connection attempts to your WD network storage product, some connection attempts may be from anyone around the world who is looking to access unprotected devices. WD network storage products are designed to ignore or drop these unauthenticated attempts. Some routers or ISPs implement additional security services that may show alerts and/or blocked connection attempts based on the reputation of incoming connection attempts (e.g., from outside your country or known malicious actors).

Resolution

It may be possible to prevent alerts like these by disabling router features such as UPnP or NAT-PMP; however, this may cause slower speeds when accessing content remotely or potentially affect other devices within the household that depend on these features being enabled. As always, we recommend that you keep your WD products and other devices updated with the latest firmware and that you use strong credentials.

IMPORTANT:

Western Digital Technical Support does not provide information on router UPnP support or instructions on how to disable UPnP on 3rd party routers. Please consult the router’s user manual or contact the router manufacturer to determine if UPnP is supported and instructions on how to disable UPnP.

support-en.wd.com

Network: Router and ISP Connection Attempt Alert
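
The WD article above says UPnP or NAT-PMP lets the NAS configure the router to accept incoming connections. As an added example (not part of the thread or of WD's article), this Python sketch parses UPnP IGD `GetGenericPortMappingEntry` responses, the form in which a router reports such mappings, and lists the enabled ones that forward to the NAS. The sample responses, the NAS address 192.168.1.50 and the mapping descriptions are constructed.

```python
import xml.etree.ElementTree as ET

SOAP = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">{}'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')

def make_sample(host, ext, proto, port, client, enabled, desc, lease):
    """Build a constructed response; a real one comes from the router."""
    fields = {"NewRemoteHost": host, "NewExternalPort": ext, "NewProtocol": proto,
              "NewInternalPort": port, "NewInternalClient": client,
              "NewEnabled": enabled, "NewPortMappingDescription": desc,
              "NewLeaseDuration": lease}
    return SOAP.format("".join(f"<{k}>{v}</{k}>" for k, v in fields.items()))

SAMPLE_RESPONSES = [  # constructed sample data, not captured from a real router
    make_sample("", 443, "TCP", 443, "192.168.1.50", 1, "NAS remote access", 0),
    make_sample("", 8443, "TCP", 8443, "192.168.1.50", 1, "NAS dashboard", 3600),
    make_sample("", 3074, "UDP", 3074, "192.168.1.20", 1, "game console", 0),
    make_sample("", 21, "TCP", 21, "192.168.1.50", 0, "NAS FTP", 0),
]

def parse_mapping(xml_text):
    """Return the port-mapping fields of one response as a dict."""
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.endswith("}GetGenericPortMappingEntryResponse"):
            f = {child.tag: (child.text or "") for child in elem}
            return {"protocol": f["NewProtocol"],
                    "external_port": int(f["NewExternalPort"]),
                    "client": f["NewInternalClient"],
                    "enabled": f["NewEnabled"] == "1",
                    "remote_host": f["NewRemoteHost"],
                    "lease": int(f["NewLeaseDuration"])}
    raise ValueError("not a GetGenericPortMappingEntry response")

def audit(responses, nas_ip):
    """List enabled mappings that expose nas_ip, with notes on their scope."""
    findings = []
    for text in responses:
        m = parse_mapping(text)
        if m["client"] != nas_ip or not m["enabled"]:
            continue
        notes = []
        if not m["remote_host"]:   # empty remote host: no source restriction
            notes.append("any source address")
        if m["lease"] == 0:        # 0 is a static mapping in WANIPConnection:1
            notes.append("no expiry")
        findings.append((m["protocol"], m["external_port"], notes))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES, "192.168.1.50"):
        print(finding)
```

Each finding is an external port on which the router accepts connections from the internet for the NAS, which is where the ISP's blocked-connection alerts come from.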
