"CISA Warns of Attacks Against Internet-Connected UPS Devices"

According to a new advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), hackers have begun to attack internet-connected universal power supply devices, targeting their control interfaces via multiple remote code execution vulnerabilities and, in some cases, unchanged default usernames and passwords.  According to CISA, UPS devices have received IoT upgrades that allow users to control them remotely via the internet in recent years.  However, like many other IoT devices, some UPSs have severe flaws in their security and authentication systems, which attackers have exploited to gain illicit access to them.  CISA’s primary guidance in the advisory is to immediately take inventory of all UPS devices in use at a given organization and disconnect them from the internet completely, if at all possible.  If they must remain connected to the internet, the agency urged several steps to mitigate possible compromises, including placing the vulnerable devices behind a VPN, enforcing multifactor authentication, and auditing usernames and passwords to ensure that they’re not still factory-default or otherwise easily guessed or cracked.

CSO Online reports: "CISA Warns of Attacks Against Internet-Connected UPS Devices"