CISA Publishes Advisory About Cyber Attacks Targeting Internet-Connected UPS Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory about ongoing cyberattacks against internet-connected uninterruptible power supply (UPS) devices. The US government encourages organizations to change their default user name and password settings to prevent hackers from targeting UPS devices.
An uninterruptible power supply (UPS) is a device that allows computer systems and IT equipment to keep running during a power outage. Many UPS devices can connect to the internet, which enables enterprise admins to carry out monitoring and maintenance activities.
However, these internet-connected UPS units are also susceptible to cyberattacks, which can disrupt the power supply in mission-critical environments such as data centers and server rooms.
“CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet,” the federal agencies explained in the security advisory.
CISA provides remediation steps to block attacks against Internet-connected UPS devices
CISA has advised IT admins to ensure that no UPS device in their organization is accessible via the internet. The agencies acknowledge that this is not always possible and have made recommendations for that case: organizations that cannot remove a UPS from the internet should enforce multi-factor authentication, place UPS devices behind virtual private networks (VPNs), and implement login timeout/lockout policies.
Moreover, CISA also urges enterprise customers to ensure that the UPS credentials adhere to strong password-length requirements. “This ensures that going forward, threat actors cannot use their knowledge of default passwords to access your UPS,” CISA said yesterday.
It is important to note that these cyberattacks don’t necessarily allow hackers to steal sensitive data or information. However, UPS devices still need to be protected, because such attacks could potentially cause physical damage or alter the firmware of the UPS to gain remote control over the targeted network.