Feds: UPS devices targeted in ongoing attacks

BleepingComputer reports that threat actors have launched ongoing attacks aimed at internet-connected uninterruptible power supply devices, which are being leveraged as emergency power backup solutions in data centers, server rooms, industrial facilities, and hospitals. The Cybersecurity and Infrastructure Security Agency and the Department of Energy warned in a joint advisory that such attacks involve the exploitation of unchanged default credentials. "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet," the agencies said. Organizations have been recommended to identify all UPSs used in their network and ensure that they are not connected to the internet but those who cannot avoid connecting the systems to the internet should leverage a virtual private network and leverage stronger passwords and multi-factor authentication. The advisory also urged organizations to adopt login timeout/lockout policies to better defend UPSs and other systems from attacks.