CISA Publishes Advisory About Cyber Attacks Targeting Internet-Connected UPS Devices


The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory about ongoing cyberattacks against internet-connected uninterruptible power supply (UPS) devices. The US government encourages organizations to change their default user name and password settings to prevent hackers from targeting UPS devices.

An uninterruptible power supply (UPS) is a device that allows computer systems and IT equipment to keep running during a power outage. Many UPS devices can connect to the internet, which enables enterprise admins to carry out monitoring and maintenance activities.

However, these internet-connected UPS units are also susceptible to cyberattacks that can disrupt the power supply in mission-critical environments, such as data centers and server rooms.

“CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet,” the federal agencies explained in the security advisory.

CISA provides remediation steps to block attacks against internet-connected UPS devices

CISA has advised IT admins to ensure that none of the UPS devices in their organization are accessible via the internet. The agencies acknowledge that this is not always possible and have made recommendations for that case. Organizations that must keep a UPS management interface reachable online should enforce multi-factor authentication, place UPS devices behind virtual private networks (VPNs), and implement login timeout/lockout policies.

Moreover, CISA also urges enterprise customers to ensure that the UPS credentials adhere to strong password-length requirements. “This ensures that going forward, threat actors cannot use their knowledge of default passwords to access your UPS,” CISA said yesterday.

It is important to note that these cyberattacks don’t necessarily allow hackers to steal sensitive data or information. However, it is still important to protect UPS devices, because such attacks could potentially cause physical damage or alter the firmware of the UPS to gain control over the targeted network remotely.