Feds: UPS devices targeted in ongoing attacks

March 30, 2022

BleepingComputer reports that threat actors have launched ongoing attacks aimed at internet-connected uninterruptible power supply devices, which are being leveraged as emergency power backup solutions in data centers, server rooms, industrial facilities, and hospitals. The Cybersecurity and Infrastructure Security Agency and the Department of Energy warned in a joint advisory that such attacks involve the exploitation of unchanged default credentials. "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet," the agencies said. Organizations have been recommended to identify all UPSs used in their network and ensure that they are not connected to the internet but those who cannot avoid connecting the systems to the internet should leverage a virtual private network and leverage stronger passwords and multi-factor authentication. The advisory also urged organizations to adopt login timeout/lockout policies to better defend UPSs and other systems from attacks.

Feds: UPS devices targeted in ongoing attacks

Related

Cybersecurity Is a Team Sport – Dixon Styres, Jamie Moles – ESW #282

Banking trojan finds new routes to accounts by infiltrating Google Play Store

Kaspersky patches local privilege escalation vulnerability in VPN Secure Connection

Related Events

Part 2: Endless endpoints, one solution: A new strategy for simplifying endpoint management

Part 1: IT Operations vs. IT Security: Tearing Down Internal Silos by Unifying Endpoint Management

XDR to the Rescue? How to improve detection and response