PUBLICATION

CISA/DOE Insights: Mitigating Attacks Against Uninterruptible Power Supply Devices

Publish Date

March 29, 2022

Related topics:

Cybersecurity Best Practices, Cyber Threats and Advisories,

The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy are aware of threat actors gaining access to a variety of internet-connected uninterruptible power supply (UPS) devices, often through unchanged default usernames and passwords.

In recent years, UPS vendors have added an Internet of Things capability, and UPSs are routinely attached to networks for power monitoring, routine maintenance, and/or convenience.

UPS devices provide clean and emergency power in a variety of applications when normal input power sources are lost. Loads for UPSs can range from small (e.g., a few servers) to large (e.g., a building) to massive (e.g., a data center). Various different groups within an organization could have responsibility for UPSs, including but not limited to IT, building operations, industrial maintenance, or even third-party contract monitoring service vendors.

CISA/DOE Insights: Mitigating Attacks Against Uninterruptible Power Supply Devices

Resource Materials

Tags

Secure by Design Alert: Eliminating Directory Traversal Vulnerabilities in Software

Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity

CDM Data Model Document 4.1.1

Understanding and Responding to Distributed Denial-Of-Service Attacks

CISA/DOE Insights: Mitigating Attacks Against Uninterruptible Power Supply Devices

Resource Materials

Tags

Related Resources

Secure by Design Alert: Eliminating Directory Traversal Vulnerabilities in Software

Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity

CDM Data Model Document 4.1.1

Understanding and Responding to Distributed Denial-Of-Service Attacks