Thought I would link this post that has ideas of how to protect unRAID from SMB attack via an infected Windows workstation.
Seems that @BRiT implemented a find statement similar to what I mentioned. Maybe he would share it or a generic sample of it that others could adapt.
Putting this protection in place is relatively easy, and has little impact on our "freedom" to use our array. So long as the integrity of the Linux OS is not compromised, Linux security will stop SMB from updating files.
Most of my shares are already private, with read-only or no access to everyone but me. So I am the security vulnerability on my system. I know enough to not do dumb stuff, but don't know that I would stake ALL my data on knowing I wouldn't click a link that would compromise my own workstation.
This doesn't apply to me, but potentially a little more concerning would be a VM configuration where access to the array is provided outside of SMB. I know that VMware Workstation (which I have used a lot) does provide some special sharing features with the host. If a Windows VM on unRAID has local-like access to something like "/mnt", it could be a real problem! Someone closer to VM features in unRAID might be able to comment if something special should be done to protect your server from a Windows VM running on your server.
Dockers, being Linux, are not at as great a risk. But I have to admit to mapping "/mnt" into the Docker to add flexibility on the occasional need to access something not on one of the folders I routinely use. I am thinking to revisit that practice, and better lock down visibility of the Docker to my array. Who knows if an author, purposefully or accidentally, would unleash some deadly code.
Finally, backups, which used to exist to protect against hardware failure and user error, now need to exist for protecting from crap like this. If you've been putting off setting up backups, now is the time. And whatever you use, make sure that it is not something that will get clobbered by a security event. For example, if you have files that are updated in the cloud as they are updated on unRAID (or even doing nightly), then an attack could easily corrupt your backup.
We have to think about stupid crap like this because the hackers are winning.
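
An added example, not part of the original post: a small audit for the broad "/mnt" Docker mapping the post describes, flagging containers that can write to the whole array or a whole disk. The treatment of `/mnt/user`, `/mnt/diskN` and `/mnt/cache` as array-wide paths, the `docker inspect` template in the comment, and the sample container names are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Flag container bind mounts that expose an entire array path read-write.
#
# Input: one mount per line, tab-separated: container<TAB>host_path<TAB>rw
# One way to produce it on a live host (assumption, adjust to taste):
#   docker ps -q | xargs docker inspect --format \
#     '{{range .Mounts}}{{$.Name}}{{"\t"}}{{.Source}}{{"\t"}}{{.RW}}{{"\n"}}{{end}}'

audit_mounts() {
    awk -F '\t' '
        NF < 3 { next }                    # skip blank or malformed lines
        {
            path = $2
            sub(/\/+$/, "", path)          # "/mnt/cache/" -> "/mnt/cache"
            if (path == "") path = "/"
        }
        $3 != "true" { next }              # read-only mounts cannot be overwritten
        # Assumed array-wide paths: host root, /mnt, the user-share root,
        # a whole data disk, or the cache pool.
        path == "/" || path == "/mnt" || path == "/mnt/user" ||
        path ~ /^\/mnt\/(disk[0-9]+|cache)$/ {
            printf "BROAD-RW %s %s\n", $1, path
        }
    '
}

# Constructed sample input (hypothetical container names).
sample_mounts() {
    printf '/plex\t/mnt\ttrue\n'
    printf '/sonarr\t/mnt/user/downloads\ttrue\n'
    printf '/backup\t/mnt/user\tfalse\n'
    printf '/nzbget\t/mnt/cache/\ttrue\n'
    printf '/sync\t/mnt/disk3\ttrue\n'
}

# Demo run on the constructed sample; pipe real inspect output in instead.
sample_mounts | audit_mounts
```

Containers it reports can be remapped to the specific share they need, or mounted read-only where they only read media.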