My IP address (with a NAS) is targeted by a hacker. What to do? Should I be worried?
As for anything attached to public networks:
- Reduce your attack surface - can you remove the NAS from the Internet? Can you limit the IPs that are allowed to connect?
- Increase cost of attack - lockouts are great, but also make sure that you have a complex password and that you change it regularly
- Monitor access - keep your eye on who successfully logs in
- Treat the risks - have a plan for the event when someone actually breaks in. Can the NAS be used to access the rest of your network? Is there anything on it that would be a risk if it fell into the wrong hands? Do you have backups?
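The "monitor access" point above can be automated. The following is an added example, not part of the original answer: it flags successful logins that come from outside an expected network or that follow a run of failures from the same address. The OpenSSH-style log format, the sample lines, the `ALLOWED_NETS` allowlist and the threshold are all assumptions; NAS log formats vary by vendor.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH sshd log format (assumed; adapt to your NAS).
SAMPLE_LOG = """\
Mar  3 02:14:01 nas sshd[811]: Failed password for admin from 203.0.113.7 port 40022 ssh2
Mar  3 02:14:03 nas sshd[811]: Failed password for invalid user root from 203.0.113.7 port 40024 ssh2
Mar  3 02:14:05 nas sshd[811]: Failed password for admin from 203.0.113.7 port 40026 ssh2
Mar  3 02:14:09 nas sshd[811]: Accepted password for admin from 203.0.113.7 port 40030 ssh2
Mar  3 08:30:12 nas sshd[902]: Accepted publickey for alice from 192.168.1.20 port 51514 ssh2
Mar  3 09:02:44 nas sshd[915]: Failed password for alice from 192.168.1.20 port 51600 ssh2
Mar  3 11:47:30 nas sshd[950]: Accepted password for bob from 198.51.100.9 port 33112 ssh2
"""

# Hypothetical allowlist: the networks you expect legitimate logins from.
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

LINE_RE = re.compile(
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_logins(log_text, allowed_nets=ALLOWED_NETS, fail_threshold=3):
    """Return (alerts, failures): suspicious successful logins and failed-attempt counts per IP."""
    failures = Counter()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login event
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # source logged as a hostname; skipped in this sketch
        reasons = []
        if not any(addr in net for net in allowed_nets):
            reasons.append("source not in allowlist")
        if failures[ip] >= fail_threshold:
            reasons.append(f"{failures[ip]} failures before success")
        if reasons:
            alerts.append((m["user"], ip, reasons))
    return alerts, failures
```

Failed attempts alone are background noise on an exposed port; the alerts list is the part worth reading, since it only contains logins that actually succeeded.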
From what you describe, it is possible that you have been targeted by bots which are searching for IPs with specific ports open and trying to brute-force them with default passwords for all kinds of FTPs and NASes, or just from a specific wordlist. My advice to you: close the NAS port in your router for now. There are several methods to avoid those attacks. One method is to build a virtual private network (VPN) at home and access your NAS through it.
You should not be worried about it, because there are tons of bots from China, France and other countries that are trying to do the same thing. Usually you become a target when you are using some kind of DNS which points to your IP, like noip.com.
As someone who has occasionally needed to review Security Event Information Monitoring (SEIM) data, I can tell you that being port scanned is nothing unusual. It can happen as often as daily.
Connecting to the internet is like having a front door onto a busy street. You will get people knocking at your door. And some of them might be interested in stealing your stuff.
I have no idea why you have chosen to connect your NAS to the Internet. I would not have done so but you may have good reason. If you are going to do so, reduce your attack surface by limiting what ports and IPs you allow through your router, and then lock down the NAS itself as much as you can, for example by not running services you don't use. Also make sure your router is running the latest firmware to minimise the risk of someone using a known exploit.