The Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned U.S. organizations that hackers are now targeting Internet-connected uninterruptible power supply (UPS) devices. Such attacks can literally fry PCs, or at least their power supplies, but the more dangerous outcome is that they can cause fires in datacenters, homes, and offices.
Many UPS offerings these days connect to the internet to enable remote management, maintenance, and monitoring. But while these capabilities are designed to make UPS devices for datacenters, industrial facilities, hospitals, offices, and homes more reliable, internet connectivity also makes them a target for hackers, according to CISA, reports BleepingComputer.
"The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy are aware of threat actors gaining access to a variety of internet-connected uninterruptible power supply (UPS) devices, often through unchanged default usernames and passwords," a statement by CISA reads. "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet."
To avoid attacks on mission-critical machines, CISA recommends that organizations ensure their UPS devices are not reachable via the internet. Since this is sometimes impossible to do, CISA also recommends using strong passwords or passphrases, enabling multifactor authentication where available, implementing login timeout/lockout policies, and hiding any UPS devices behind virtual private networks. Obviously, default or weak passwords should not be used.
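As an added example (not code from CISA or the original article), the recommendations above can be turned into a repeatable check over a device inventory. The inventory records, field names, management network range and policy thresholds below are all constructed assumptions.

```python
import ipaddress

# Assumption: networks reachable only over the VPN / management VLAN.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/16")]
MAX_FAILED_LOGINS = 5   # assumed local policy: lock out after at most 5 failures
MAX_IDLE_MINUTES = 15   # assumed local policy: idle sessions end within 15 min

# Constructed inventory; field names are hypothetical, not a vendor export format.
INVENTORY = [
    {"name": "ups-dc1-a", "mgmt_ip": "10.20.0.15", "default_creds": False,
     "mfa": True, "lockout_after": 5, "idle_timeout_min": 10},
    {"name": "ups-branch-3", "mgmt_ip": "203.0.113.40", "default_creds": True,
     "mfa": False, "lockout_after": 0, "idle_timeout_min": 0},
    {"name": "ups-lab-2", "mgmt_ip": "10.20.7.9", "default_creds": False,
     "mfa": None, "lockout_after": 10, "idle_timeout_min": 15},
]

def audit_device(dev):
    """Return the list of findings for one UPS inventory record."""
    findings = []
    ip = ipaddress.ip_address(dev["mgmt_ip"])
    if not any(ip in net for net in MGMT_NETS):
        findings.append("management interface outside VPN-only networks")
    if dev["default_creds"]:
        findings.append("default username/password still set")
    if dev["mfa"] is False:  # None means the model offers no MFA option
        findings.append("MFA available but not enabled")
    if not 0 < dev["lockout_after"] <= MAX_FAILED_LOGINS:
        findings.append("login lockout missing or too lenient")
    if not 0 < dev["idle_timeout_min"] <= MAX_IDLE_MINUTES:
        findings.append("login timeout missing or too long")
    return findings

def audit(inventory):
    """Map device name -> findings, keeping only devices that have findings."""
    report = {d["name"]: audit_device(d) for d in inventory}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

An inventory address inside the management range does not prove the interface is unreachable from outside, since NAT or port forwarding can still expose it, so pair this with a review of perimeter firewall rules.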
Perhaps the biggest problem is that UPS devices are, like other internet-connected devices, fundamentally vulnerable. For example, UPS solutions from APC suffered from a zero-day exposure called TLStorm that can be exploited remotely by unauthenticated attackers.
It should be noted that targeting Internet-connected UPS devices does not necessarily bring benefits to attackers. Uninterruptible power supplies do not host mission-critical or financial data, so there is nothing to steal. But downing crucial datacenters or mission-critical servers poses dangers to businesses or even states, which is why protecting UPS devices from cyberattacks is important.
Hackers Now Target Internet-Connected UPS Devices
