Threat actors have targeted power supplies whose control interfaces are connected to the internet, and CISA says that they should be disconnected immediately. Credit: Matejmo / Getty Images Hackers have begun to attack internet-connected universal power supply devices, targeting their control interfaces via multiple remote code execution vulnerabilities and, in some cases, unchanged default usernames and passwords, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued on Tuesday.UPS devices, in recent years, have received IoT upgrades, according to CISA – the idea being to allow users to control them remotely via the internet. However, like many other IoT devices, some UPSs have serious flaws in their security and authentication systems, which attackers have exploited to gain illicit access to them.CISA’s major piece of guidance in the advisory is to immediately take inventory of all UPS devices in use at a given organization, and disconnect them from the internet completely, if at all possible. If they must remain connected to the internet, the agency urged that several steps be taken to mitigate possible compromises, including placing the vulnerable devices behind a VPN, enforcing multifactor authentication, and auditing usernames and passwords to ensure that they’re not still factory-default or otherwise easily guessed or cracked. The UPS exploits were first discovered by security firm Armis earlier this month. Several software vulnerabilities, according to Armis, affect UPS devices made by Schneider Electric-owned APC, a UPS market leader. The key vulnerabilities were found in a feature on newer APC devices called SmartConnect, which connects devices to the network and lets operators issue firmware updates and monitor and control them via a web portal. Two of the main vulnerabilities involve flaws in SmartConnect’s TLS implementation – the first is a buffer overflow memory issue, and the second is a problem with the way SmartConnect’s TLS handshake works. A third vulnerability stems from a lack of cryptographic signature verification on firmware deployed to the affected devices. All three of these vulnerabilities, the researchers said, can be exploited remotely to upload maliciously crafted firmware, without any user interaction, and compromised UPS devices could be used to simply shut down power to any system to which they’re connected. Other vectors like USB sticks or LAN access could also be used to compromise vulnerable UPS systems, according to the Armis team.Patches are available for some affected devices, but not all. Like CISA, Schneider Electric has released its own advisory documents, which offer the same advice to disconnect all potentially affected devices from the internet until they can be fully patched. Related content news Iranian hackers harvest credentials through advanced social engineering campaigns Mandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials. By Shweta Sharma May 02, 2024 4 mins Hacker Groups Social Engineering news Dropbox Sign hack exposed user data, raises security concerns for e-sign industry The names and email addresses of those customers were also exposed who had never created an account with Dropbox Sign but had “received or signed a document through Dropbox Sign.” By Gyana Swain May 02, 2024 5 mins Data Breach news UnitedHealth hack may impact a third of US citizens: CEO testimony Despite paying a $22 million ransom in Bitcoin to regain access to encrypted files, the company cannot confirm whether copies of the data were made or published online. By Prasanth Aby Thomas May 02, 2024 4 mins Data Breach Ransomware Hacking news Most interesting products to see at RSAC 2024 Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out. By CSO Staff May 02, 2024 6 mins RSA Conference Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe