In a recent update, CISA and DoE (Department of Energy) jointly acknowledged the rising trend of cyberattacks and raised a concern over vulnerabilities associated with internet-connected UPS (Uninterruptible Power Supply) systems. This alert comes in light of the recent growth of cyberattacks targeting critical infrastructure not only in the United States but across countries that play a strategic role in various military and non-military geopolitical alliances.
The alert raises concerns in the following areas:
- UPS systems are vulnerable to attacks when connected to unsafe networks
- Most UPS systems connected to the internet have little to no security on the cyber front.
- Out of the box, these systems come with default usernames and passwords, and in most cases the default credentials remain unchanged for years after installation.
- In large organizations, UPS systems bought in bulk often share the same login credentials across every installation.
Read more from the report here: Mitigating Attacks Against Uninterruptible Power Supply Devices
Dependable, reliable, and omnipresent energy aid
Uninterruptible power supply (UPS) has been a boon to humanity even before the dawn of the age of computers. In most cases, these systems are used to provide clean and emergency power supply in times of power outages or to regulate the surges in the flow of electricity.
In the early days, UPS systems were often connected to critical industrial machines to prevent unsafe shutdowns or breakdowns caused by surges in electrical power. In fairness, UPS has been a constant source of reliable and safe energy in times of desperate need. With the rise of digitalization, UPS was later introduced widely for consumer use, and its popularity grew from there. Significant upgrades followed as UPS systems evolved to provide vital insights into the networks and equipment connected to them.
Such UPS systems can now connect to the internet, monitor surges in an otherwise steady stream of power, remind the concerned authorities of timely maintenance, and much more. These internet-connected UPS systems are also actively in use in healthcare (IoT sensors, IoMT equipment), manufacturing (OT, ICS, SCADA equipment), pharmaceuticals (OT and ICS equipment), enterprises (backups to servers), and other critical infrastructure industries, where they provide a steady flow of safe and uninterrupted energy during vital organizational operations.
As they have grown in number, internet-connected UPS systems have become a critical component of the networks they are integrated with, and they pose grave cyberthreats when they are valued only for keeping operations available and their security is overlooked.
Potential damage from a successful cyberattack on internet-connected UPS systems:
- Manipulation of data on IoMT or denial of service on vital healthcare equipment
- Sensor manipulations
- Disabling the Automatic voltage regulation (AVR)
- Destruction via a surge in power supply
- Denial of service on enterprise servers
- Malware injection
- Lateral movement via a compromised network can lead to data leakage
- Privilege escalation
It is hence established that internet-connected UPS plays a critical role.
What can be done to secure internet-connected UPS?
While CISA and the DoE suggest regular and timely software updates and the use of MFA as immediate steps, we at Sectrio suggest that everyone take a step back and follow these steps.
- Have ample visibility into your network, down to every device connected to it, even a remote or a hearing aid.
- Monitor for anomalies on the network
- Log network activities
- Segment your network into zones and conduits. Also read: How micro segmentation can help secure your connected assets.
- Use of MFA and strong passwords
- Use of safe VPN
- Regular vulnerability scans to identify gaps in security
- Compliance with IEC 62443, Zero Trust, and NIST CSF
- Working with real-time threat intelligence
- Reporting of cyber incidents or suspected incidents as quickly as possible to the right authorities.
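The logging, monitoring and zones-and-conduits steps above can be combined into one check, shown here as an added example that is not Sectrio's or CISA's code: it reads flow records and flags any traffic to or from the UPS management zone that no approved conduit permits. The zone names, address ranges, ports and log lines are constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption): names and CIDR ranges are illustrative.
ZONES = {
    "ups_mgmt": ["10.20.30.0/24"],   # UPS network management cards
    "ops_admin": ["10.20.10.0/24"],  # jump hosts used by facilities staff
    "corp": ["10.0.0.0/8"],          # everything else internal
}
# Approved conduits: (source zone, destination zone, destination port).
CONDUITS = {
    ("ops_admin", "ups_mgmt", 443),  # HTTPS management
    ("ops_admin", "ups_mgmt", 161),  # SNMP polling
    ("ups_mgmt", "ops_admin", 514),  # syslog export
}
# Constructed flow log lines: "timestamp src dst dport".
FLOWS = """\
2022-04-01T08:00:01Z 10.20.10.5 10.20.30.11 443
2022-04-01T08:02:17Z 203.0.113.40 10.20.30.11 443
2022-04-01T08:05:44Z 10.0.5.23 10.20.30.12 23
2022-04-01T08:06:00Z 10.20.30.11 10.20.10.9 514
2022-04-01T08:07:30Z 10.20.30.12 198.51.100.7 443
"""

def zone_of(ip):
    """Return the most specific zone containing ip, or 'external'."""
    addr = ipaddress.ip_address(ip)
    best, best_len = "external", -1
    for name, cidrs in ZONES.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best

def conduit_violations(flow_text):
    """Return flows touching the UPS zone that no approved conduit permits."""
    violations = []
    for line in flow_text.splitlines():
        ts, src, dst, dport = line.split()
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if "ups_mgmt" not in (src_zone, dst_zone):
            continue  # only traffic to or from the UPS zone is in scope
        if (src_zone, dst_zone, int(dport)) not in CONDUITS:
            violations.append((ts, src_zone, dst_zone, int(dport)))
    return violations

if __name__ == "__main__":
    for v in conduit_violations(FLOWS):
        print("VIOLATION", *v)
```

On the constructed log, three flows are flagged: an external source reaching a UPS management interface, a corporate host using Telnet to a UPS, and a UPS opening an outbound connection to an external address.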
Will cyberthreats ever stop?
On March 29th, 2022, in a statement made before the House Judiciary Committee, the FBI cyber division stated that “As adversaries become more sophisticated and stealthier, we are most concerned about our ability to detect and warn about specific cyber operations against U.S. organizations. Maybe most worrisome is their focus on compromising U.S. critical infrastructure, especially during a crisis”. This official statement by the FBI’s cyber division brings perspective on the state of cybersecurity in North America and is an alarming wake-up call to all organizations for an immediate cybersecurity revamp of their ever-growing converged cyber environment.
For more information on the evolving threat landscape and insights into emerging cyberattacks and bad actors, read our latest IoT and OT threat landscape assessment report 2022