Security News > 2022 > March > CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices
The U.S. Cybersecurity and Infrastructure Security Agency and the Department of Energy are jointly warning of attacks against internet-connected uninterruptible power supply devices by means of default usernames and passwords.
"Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet," the agencies said in a bulletin published Tuesday.
UPS devices, in addition to offering power backups in mission-critical environments, are also equipped with an internet of things capability, enabling the administrators to carry out power monitoring and routine maintenance.
To mitigate against such threats, CISA and DoE are advising organizations to enumerate and disconnect all UPS systems from the internet and gate them behind a virtual private network as well as enforce multi-factor authentication.
The agencies have also urged concerned entities to update the UPS usernames and passwords to ensure that they don't match the factory default settings.
"This ensures that going forward, threat actors cannot use their knowledge of default passwords to access your UPS," the advisory read. The warnings come three weeks after Armis researchers disclosed multiple high-impact security flaws in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner.
News URL
https://thehackernews.com/2022/03/cisa-warns-of-ongoing-cyber-attacks.html
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)