
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory about ongoing cyberattacks against internet-connected uninterruptible power supply (UPS) devices. The US government encourages organizations to change their default user name and password settings to prevent hackers from targeting UPS devices.
An uninterruptible power supply (UPS) is a device that allows computer systems and IT equipment to keep running during a power outage. Many UPS devices can connect to the internet, which enables enterprise admins to carry out monitoring and maintenance activities.
However, these internet-connected UPS units are also susceptible to cyberattacks that can disrupt the power supply in mission-critical environments, such as data centers and server rooms.
“CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptible power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet,” the federal agencies explained in the security advisory.
CISA has advised IT admins to ensure that no UPS device in their organization is accessible via the internet. The agencies acknowledge that this is not always possible and recommend that organizations in that position enforce multi-factor authentication, place UPS devices behind virtual private networks (VPNs), and implement login timeout/lockout policies.
Moreover, CISA also urges enterprise customers to ensure that the UPS credentials adhere to strong password-length requirements. “This ensures that going forward, threat actors cannot use their knowledge of default passwords to access your UPS,” CISA said yesterday.
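The recommendations above can be turned into a repeatable inventory check. The following Python sketch is an added example, not code from CISA or from this article; the device names, addresses, the RFC 1918 definition of "internal", and the 15-character minimum are assumptions to replace with your own inventory and policy.

```python
import ipaddress
from dataclasses import dataclass

# Assumptions (not stated in the article): RFC 1918 ranges count as internal,
# and 15 characters is the local minimum password length.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PASSWORD_LENGTH = 15

@dataclass
class UpsDevice:
    name: str
    mgmt_ip: str
    default_creds_changed: bool
    password_length: int          # store the length only, never the password
    behind_vpn: bool = False
    mfa: bool = False
    lockout: bool = False

def internet_facing(dev):
    """True when the management address lies outside every internal range."""
    ip = ipaddress.ip_address(dev.mgmt_ip)
    return not any(ip in net for net in INTERNAL_NETS)

def audit(dev):
    """Return the findings for one device, credential issues first."""
    findings = []
    if not dev.default_creds_changed:
        findings.append("default username/password still set")
    if dev.password_length < MIN_PASSWORD_LENGTH:
        findings.append(f"password shorter than {MIN_PASSWORD_LENGTH} characters")
    if internet_facing(dev):
        # Preferred fix is removal from the internet; the rest are the
        # fallback controls listed for cases where that is not possible.
        if not dev.behind_vpn:
            findings.append("management interface exposed: remove from internet or move behind VPN")
        if not dev.mfa:
            findings.append("internet-facing without multi-factor authentication")
        if not dev.lockout:
            findings.append("internet-facing without login timeout/lockout")
    return findings

# Constructed inventory; names and documentation-range addresses are illustrative.
INVENTORY = [
    UpsDevice("ups-dc1", "10.20.0.5", True, 20, lockout=True),
    UpsDevice("ups-branch", "203.0.113.10", False, 8),
    UpsDevice("ups-colo", "198.51.100.7", True, 18, behind_vpn=True, mfa=True, lockout=True),
]

def report(inventory=INVENTORY):
    return {d.name: audit(d) for d in inventory}
```

An address inside an internal range can still be reachable through NAT or port forwarding, so pair this inventory check with an external scan of your own perimeter.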
It is important to note that these cyberattacks don’t necessarily allow hackers to steal sensitive data or information. However, it is important to protect UPS devices because such attacks could potentially cause physical damage, or attackers could alter the firmware of the UPS to gain control over the targeted network remotely.
Copyright ©2019 BWW Media Group