Jump to content
  • CISA warns of attacks targeting Internet-connected UPS devices

    Karlston

    • 538 views
    • 2 minutes
     Share


    • 538 views
    • 2 minutes

    In a joint advisory with the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. organizations today to secure Internet-connected UPS devices from ongoing attacks.

     

    UPS devices are regularly used as emergency power backup solutions in mission-critical environments, including data centers, industrial facilities, server rooms, and hospitals.

     

    They're also connected to the Internet to allow admins to perform various remote tasks such as power monitoring and routine maintenance, which also exposes them to attacks.

     

    "The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy are aware of threat actors gaining access to a variety of internet-connected uninterruptible power supply (UPS) devices, often through unchanged default usernames and passwords," the federal agencies said.

     

    "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet."

    How to block the attacks

    Recommended mitigation measures include finding all UPSs and other emergency power systems on orgs' networks and ensuring they're not reachable over the Internet.

     

    If connecting their management interfaces to the Internet cannot be avoided, admins are advised [PDF] to put the devices behind a virtual private network (VPN), enable multifactor authentication (MFA), and strong passwords or passphrases to hinder brute-forcing attempts.

     

    The recommendations also include checking that the UPSs are not using factory default credentials to attackers' attempts to use them and take over the targeted devices.

     

    U.S. organizations are also urged to implement login timeout/lockout policies to block these ongoing attacks against UPSs and similar systems.

     

    Besides default credentials, threat actors can also use critical security vulnerabilities to enable remote takeovers of uninterruptible power supply (UPS) devices and allow them to burn them out or disable power remotely.

     

    For instance, a set of critical zero-day vulnerabilities tracked as TLStorm exploitable remotely by unauthenticated attackers without user interaction are known to impact SmartConnect and Smart-UPS devices from APC, a subsidiary of Schneider Electric.

     

     

    CISA warns of attacks targeting Internet-connected UPS devices

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...