Threat actors have targeted power supplies whose control interfaces are connected to the internet, and CISA says that they should be disconnected immediately. Credit: Matejmo / Getty Images Hackers have begun to attack internet-connected universal power supply devices, targeting their control interfaces via multiple remote code execution vulnerabilities and, in some cases, unchanged default usernames and passwords, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued on Tuesday.UPS devices, in recent years, have received IoT upgrades, according to CISA – the idea being to allow users to control them remotely via the internet. However, like many other IoT devices, some UPSs have serious flaws in their security and authentication systems, which attackers have exploited to gain illicit access to them.CISA’s major piece of guidance in the advisory is to immediately take inventory of all UPS devices in use at a given organization, and disconnect them from the internet completely, if at all possible. If they must remain connected to the internet, the agency urged that several steps be taken to mitigate possible compromises, including placing the vulnerable devices behind a VPN, enforcing multifactor authentication, and auditing usernames and passwords to ensure that they’re not still factory-default or otherwise easily guessed or cracked.The UPS exploits were first discovered by security firm Armis earlier this month. Several software vulnerabilities, according to Armis, affect UPS devices made by Schneider Electric-owned APC, a UPS market leader. The key vulnerabilities were found in a feature on newer APC devices called SmartConnect, which connects devices to the network and lets operators issue firmware updates and monitor and control them via a web portal. Two of the main vulnerabilities involve flaws in SmartConnect’s TLS implementation – the first is a buffer overflow memory issue, and the second is a problem with the way SmartConnect’s TLS handshake works. A third vulnerability stems from a lack of cryptographic signature verification on firmware deployed to the affected devices. All three of these vulnerabilities, the researchers said, can be exploited remotely to upload maliciously crafted firmware, without any user interaction, and compromised UPS devices could be used to simply shut down power to any system to which they’re connected. Other vectors like USB sticks or LAN access could also be used to compromise vulnerable UPS systems, according to the Armis team.Patches are available for some affected devices, but not all. Like CISA, Schneider Electric has released its own advisory documents, which offer the same advice to disconnect all potentially affected devices from the internet until they can be fully patched. Related content news analysis Water system attacks spark calls for cybersecurity regulation The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation. By Cynthia Brumfield Dec 11, 2023 11 mins Regulation Cyberattacks Critical Infrastructure feature Accenture takes an industrialized approach to safeguarding its cloud controls Security was once a hindrance for Accenture developers. But since centralizing the company's compliance controls, the process has never been simpler. By Aimee Chanthadavong Dec 11, 2023 8 mins Application Security Cloud Security Compliance news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Vulnerabilities news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe