WD My Book NAS devices are being remotely wiped clean worldwide June 24, 2021 https://www.bleepingcomputer.com/ne...ces-are-being-remotely-wiped-clean-worldwide/
My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks https://threatpost.com/my-book-live-wiped-rce-attacks/167270/
The ONLY safe and secure storage solution is one that cannot communicate on-air with the live internet, or even have a wireless apparatus involved. It just makes common sense to keep those storages/backups isolated, period. It's likely not the last time such a matter will crop up, and not only with WD. But you gotta know those customers/owners of MyBook are up against it from this debacle, malware or otherwise (internal malfunction).
These incidents are already being attributed to the long-known unpatched vulnerability at sites documenting that CVE. Examples:
NATIONAL VULNERABILITY DATABASE https://nvd.nist.gov/vuln/detail/CVE-2018-18472
"Current Description
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands," (Emphasis added.)
Also at:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18472
https://www.cvedetails.com/cve/CVE-2018-18472/
https://www.opencve.io/cve/CVE-2018-18472
Note that the original BleepingComputer page cited in the opening post of this thread has been updated a few times since this thread was started.
Update 6/25/21: Added information about vulnerability and recovery options.
Update 6/26/21: Added full updated statement. This includes information from WD about a trojan that has been installed on some affected drives, and a link to a VirusTotal analysis of this trojan.
Affected or interested followers of this thread should reread the BleepingComputer page occasionally to follow the latest developments.
Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices
Western Digital removed code that would have prevented the wiping of petabytes of data
June 29, 2021 https://arstechnica.com/gadgets/202...t-2018-bug-to-mass-wipe-my-book-live-devices/
Recommended Security Measures for WD My Book Live and WD My Book Live Duo https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo
"Last Updated: June 29, 2021
Western Digital has determined that Internet-connected My Book Live and My Book Live Duo devices are under attack by exploitation of multiple vulnerabilities present in the device. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.
Data Recovery and Product Trade-In Programs
To help customers who have lost data as a result of these attacks, Western Digital will provide data recovery services, which will be available beginning in July. My Book Live customers will also be offered a trade-in program to upgrade to a supported My Cloud device.
Analysis of Newly Identified Vulnerability CVE-2021-35941
The My Book Live firmware is vulnerable to a remotely exploitable command injection vulnerability when the device has remote access enabled. This vulnerability may be exploited to run arbitrary commands with root privileges. Additionally, the My Book Live is vulnerable to an unauthenticated factory reset operation which allows an attacker to factory reset the device without authentication. The unauthenticated factory reset vulnerability [has] been assigned CVE-2021-35941."