Comment Re:What a load of FUD! (Score 4, Interesting) 150
A NAS device is not a toaster. It's a file server running a lightweight but fully-featured operating system. You don't need to be a professional network administrator, but you do need to be careful enough to at least check in regularly for updates. One presumes such hardware was purchased because you had valuable data you wished to manage or protect. Honestly, a NAS is really not a purchase for "normal" people. Power-users and up, I'd say, are the minimum personnel requirements.
Even so, Synology machines are not hard to patch. They download OS updates automatically by default. All you have to do is log in via the administration page once in a while and click the "update" button, since it pops up right on the page after it sees you have an update to install. And every update has a link right next to it that points to a web page detailing exactly what changed or what was fixed. I'd suppose the reason there's no "auto-update" is because an update requires a 5-10 minute patch and reboot cycle, and you generally don't want your file server automatically rebooting at it's own convenience.
I'm presuming (since information is a bit scarce) that users either failed to patch their machines for six months or longer due to neglect, or they made a deliberate choice not to do so for some reason, yet kept their internet-facing services wide open (note that these are not installed or enabled by default). Unfortunately, that's pretty much a guaranteed recipe for an attack of this sort. It's a crappy way to have to learn a lesson.