Threat actors have targeted power supplies whose control interfaces are connected to the internet, and CISA says that they should be disconnected immediately. Credit: Matejmo / Getty Images Hackers have begun to attack internet-connected universal power supply devices, targeting their control interfaces via multiple remote code execution vulnerabilities and, in some cases, unchanged default usernames and passwords, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued on Tuesday.UPS devices, in recent years, have received IoT upgrades, according to CISA – the idea being to allow users to control them remotely via the internet. However, like many other IoT devices, some UPSs have serious flaws in their security and authentication systems, which attackers have exploited to gain illicit access to them.CISA’s major piece of guidance in the advisory is to immediately take inventory of all UPS devices in use at a given organization, and disconnect them from the internet completely, if at all possible. If they must remain connected to the internet, the agency urged that several steps be taken to mitigate possible compromises, including placing the vulnerable devices behind a VPN, enforcing multifactor authentication, and auditing usernames and passwords to ensure that they’re not still factory-default or otherwise easily guessed or cracked. The UPS exploits were first discovered by security firm Armis earlier this month. Several software vulnerabilities, according to Armis, affect UPS devices made by Schneider Electric-owned APC, a UPS market leader. The key vulnerabilities were found in a feature on newer APC devices called SmartConnect, which connects devices to the network and lets operators issue firmware updates and monitor and control them via a web portal. Two of the main vulnerabilities involve flaws in SmartConnect’s TLS implementation – the first is a buffer overflow memory issue, and the second is a problem with the way SmartConnect’s TLS handshake works. A third vulnerability stems from a lack of cryptographic signature verification on firmware deployed to the affected devices. All three of these vulnerabilities, the researchers said, can be exploited remotely to upload maliciously crafted firmware, without any user interaction, and compromised UPS devices could be used to simply shut down power to any system to which they’re connected. Other vectors like USB sticks or LAN access could also be used to compromise vulnerable UPS systems, according to the Armis team.Patches are available for some affected devices, but not all. Like CISA, Schneider Electric has released its own advisory documents, which offer the same advice to disconnect all potentially affected devices from the internet until they can be fully patched. Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe