In recent developments, cyber attackers are focusing their efforts on uninterruptible power supply (UPS) devices, which are critical components that provide backup power during electrical surges and outages. These UPS devices are often deployed in mission-critical environments to safeguard essential infrastructure and IT systems. The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy have issued warnings regarding this trend.
Attackers are targeting internet-connected UPS devices, primarily by logging in with unchanged default usernames and passwords. Known vulnerabilities, such as the TLStorm bugs disclosed earlier, are also part of their arsenal.
UPS devices now commonly feature Internet of Things (IoT) capabilities and are connected to networks for purposes like power monitoring and routine maintenance. They serve a broad range of loads, from small server setups to large buildings or even massive data centers.
If attackers gain remote control over these devices, they can employ them for various malicious purposes. For example, they may use them as a stepping stone to infiltrate a company's internal network and steal sensitive data. In more severe scenarios, attackers could disrupt power to mission-critical equipment or services, potentially causing physical harm in industrial settings and leading to significant financial losses for businesses.
Additionally, cybercriminals might execute remote code to manipulate the UPS devices' operations or physically damage them and the connected equipment.
To mitigate these risks, organizations responsible for maintaining UPS devices can take several steps. They should first identify all connected UPSs and consider taking them offline if possible. If maintaining an active IoT connection is necessary, administrators should replace the default credentials with strong, unique username and password combinations, ideally adding multifactor authentication (MFA). Other security measures include placing UPSs behind a virtual private network (VPN) and enabling login timeout and lockout features to reduce their exposure to brute-force and credential-guessing attempts.
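The steps above amount to a hardening baseline that can be checked mechanically across an inventory. The following is an added example, not code from the article or from CISA or any UPS vendor: it scores a UPS management-card configuration against that baseline (default credentials replaced, MFA on, not directly internet-reachable, VPN-only access, login timeout and lockout enabled) and rolls the findings up into a risk tier so the worst-exposed units get fixed first. The configuration field names and the two sample records are assumptions constructed for the example; a real deployment would populate them from the UPS management interface or an asset inventory.

```python
"""Hardening check for UPS network-management configurations.

Added example (not from the original article). The field names below are
assumed; map them to whatever your UPS management card or asset inventory
actually exports.
"""
from dataclasses import dataclass

SEVERITY_ORDER = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class UpsConfig:
    name: str
    credentials_changed_from_default: bool
    mfa_enabled: bool
    # "isolated": management network only; "vpn": reachable only through a VPN;
    # "internet": management interface directly reachable from the internet.
    network_exposure: str
    login_timeout_seconds: int      # 0 means no session timeout
    lockout_after_failures: int     # 0 means lockout disabled


@dataclass(frozen=True)
class Finding:
    severity: str
    message: str


def assess(cfg: UpsConfig) -> list[Finding]:
    """Return every deviation from the baseline, worst first."""
    findings: list[Finding] = []
    if not cfg.credentials_changed_from_default:
        findings.append(Finding("critical", "default credentials still in use"))
    if cfg.network_exposure == "internet":
        findings.append(Finding("high", "management interface reachable from the internet"))
    elif cfg.network_exposure not in ("vpn", "isolated"):
        findings.append(Finding("high", f"unknown exposure value {cfg.network_exposure!r}"))
    if not cfg.mfa_enabled:
        findings.append(Finding("medium", "multifactor authentication disabled"))
    if cfg.lockout_after_failures <= 0:
        findings.append(Finding("medium", "account lockout after failed logins disabled"))
    if cfg.login_timeout_seconds <= 0:
        findings.append(Finding("low", "no login/session timeout configured"))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity], reverse=True)
    return findings


def risk_tier(findings: list[Finding]) -> str:
    """Collapse a finding list into one tier for triage.

    Default credentials on an internet-reachable unit is the combination the
    article describes attackers exploiting, so it is always 'critical';
    otherwise the tier is the worst single finding, or 'ok' if there are none.
    """
    if not findings:
        return "ok"
    messages = {f.message for f in findings}
    if ("default credentials still in use" in messages
            and "management interface reachable from the internet" in messages):
        return "critical"
    return max(findings, key=lambda f: SEVERITY_ORDER[f.severity]).severity


def prioritize(configs: list[UpsConfig]) -> list[tuple[str, str, int]]:
    """Return (name, tier, finding_count) for each UPS, most urgent first."""
    rows = [(c.name, risk_tier(assess(c)), len(assess(c))) for c in configs]
    rank = {"critical": 4, "high": 3, "medium": 2, "low": 1, "ok": 0}
    return sorted(rows, key=lambda r: (rank[r[1]], r[2]), reverse=True)


# Constructed sample records: the weak setting beside its corrected form.
WEAK_CONFIG = UpsConfig("ups-dc1-rack07", False, False, "internet", 0, 0)
HARDENED_CONFIG = UpsConfig("ups-dc1-rack07", True, True, "vpn", 600, 5)

if __name__ == "__main__":
    for cfg in (WEAK_CONFIG, HARDENED_CONFIG):
        found = assess(cfg)
        print(f"{cfg.name} [{cfg.network_exposure}] -> {risk_tier(found)}")
        for f in found:
            print(f"  {f.severity:8s} {f.message}")
```

Run against an exported inventory, `prioritize()` gives the order in which to work through the fleet; a unit that reports `critical` is the "default credentials on an internet-facing device" case the warning is about and should be removed from the internet before anything else is tuned.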
It's crucial to remember that security is an ongoing process, and organizations should regularly review and update their security practices to adapt to evolving threats.