Millions of users may have suddenly found their My Book Live NAS wiped. While the cause behind the attack initially remained unclear, though is now identified. Specifically, the attackers exploited a zero-day vulnerability to wipe My Book Live devices.
Zero-Day Bug Allowed Wiping My Book Live
Researchers from cybersecurity firm Censys have identified a zero-day vulnerability affecting My Book Live devices. They could find this bug behind the recent wave of cyberattacks targeting My Book Live NAS.
Specifically, the Western Digital My Book Live NAS made it to the news due to a weird cyber-attack where the attackers not only deleted the data from the devices but also factory reset them, leaving the users unable to sign in back.
This attack alarmed many users, especially given that these NAS devices are protected behind a firewall. Thus, the affected users started posting the details on the Western Digital community forum endorsing the idea of an orchestrated cyber attack.
Initially, Western Digital (WD) held the newly identified bug, CVE-2021-35941, responsible for this attack. As explained in their advisory, it was a remote command injection vulnerability that allowed factory resetting without authentication.
However, Censys researchers have detected another vulnerability as the culprit. Particularly, they highlighted the bug, CVE-2018-18472, first identified in 2018. This vulnerability allowed unauthenticated remote command execution via a malicious PUT request to the /api/1.0/rest/language_configuration endpoint. This would lead to a complete device takeover.
The researchers have shared the technical details of this exploit in their report.
How To Prevent Data Loss From My Book Live Device?
Censys researchers have advised pulling the vulnerable NAS devices offline and strengthening the security of devices (laptops, PCs, etc.) that you use to access the NAS.
Whereas, Western Digital has announced data recovery services starting from July for those who have already suffered the loss. Moreover, the vendors will also facilitate the customers to upgrade to a supported My Cloud device.
Although, some users had successfully recovered their lost data via data recovery tools. However, some others didn’t. So, you may also try this strategy meanwhile to restore the data.
Besides, as a precaution, all users must keep computing systems at home safe by implementing cybersecurity best practices.