Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments

2022-03-30 17:14

Cyberattackers are targeting uninterruptible power supply devices, which provide battery backup power during power surges and outages.

UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are high.

"In recent years, UPS vendors have added an Internet of Things [IoT] capability, and UPSs are routinely attached to networks for power monitoring, routine maintenance and/or convenience," according to a Tuesday alert from CISA. "Loads for UPSs can range from small to large to massive."

"Just because a vendor provides the capability to put a device on the internet, doesn't mean that it's set up to be secure. It's up to each organization to ensure that the systems they deploy are configured securely."

Other mitigations, according to CISA, include ensuring UPSs are behind a virtual private network, and adopting login timeout/lockout features so that the devices aren't continually online and open to the world.

"If you're responding to this advisory by updating the credentials for your UPS systems, take the follow-up step to ensure that other systems aren't using default credentials as well."

News URL

https://threatpost.com/cyberattackers-ups-backup-power-critical-environments/179169/

#backup #critical #cyberattacker #UPS