
[Security] This time it really can "blow up" your computer! Internet-connected UPS devices are vulnerable to attack

Posted on 2022-3-30 09:40
This post was last edited by 埃律西昂 on 2022-3-30 09:45

Source: bleepingcomputer
Original English title: "CISA warns of attacks targeting Internet-connected UPS devices"



In a joint advisory with the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. organizations today to secure Internet-connected UPS devices from ongoing attacks.

UPS devices are regularly used as emergency power backup solutions in mission-critical environments, including data centers, industrial facilities, server rooms, and hospitals.

They're also connected to the Internet to allow admins to perform various remote tasks such as power monitoring and routine maintenance, which also exposes them to attacks.

"The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy are aware of threat actors gaining access to a variety of internet-connected uninterruptible power supply (UPS) devices, often through unchanged default usernames and passwords," the federal agencies said.

"Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet."

How to block the attacks

Recommended mitigation measures include finding all UPSs and other emergency power systems on orgs' networks and ensuring they're not reachable over the Internet.

If connecting their management interfaces to the Internet cannot be avoided, admins are advised to put the devices behind a virtual private network, enable multifactor authentication (MFA), and use strong passwords or passphrases to hinder brute-forcing attempts.

The recommendations also include checking that the UPSs are not using factory default credentials, to block attackers' attempts to use them and take over the targeted devices.

U.S. organizations are also urged to implement login timeout/lockout policies to block these ongoing attacks against UPSs and similar systems.
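The mitigation steps above (no Internet exposure; VPN, MFA and strong passphrases where exposure is unavoidable; no factory defaults; login lockout) amount to a checklist that can be run over an asset inventory. The script below does that for a constructed inventory of UPS management interfaces. It is an added example, not code from the article, CISA, the Department of Energy or any UPS vendor; the inventory fields, the default-credential list, the 14-character passphrase minimum and the sample devices are all assumptions made for this illustration.

```python
"""Audit a UPS / emergency-power inventory against the CISA/DOE hardening steps.

Added example; not the article's, CISA's or any vendor's code. Inventory fields,
default-credential list, passphrase minimum and sample devices are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Address space not routable from the Internet (RFC 1918, loopback, link-local,
# and the IPv6 equivalents). Anything outside it is presumed reachable. The
# stdlib is_global flag is deliberately not used: it also marks the RFC 5737
# documentation range used in the sample inventory below as non-global.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]

# Placeholder factory logins for illustration only; a real audit would load the
# documented defaults for each model from the vendor's manual.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("user", "user")}

MIN_PASSPHRASE_LENGTH = 14  # assumed organizational minimum


@dataclass(frozen=True)
class UpsDevice:
    name: str
    mgmt_ip: str            # address the management interface listens on
    username: str
    password: str
    behind_vpn: bool        # interface reachable only through a VPN
    mfa_enabled: bool
    lockout_threshold: int  # failed logins before lockout; 0 = disabled


def is_internet_reachable(ip: str) -> bool:
    """True when the management address lies outside non-routable space."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


def audit_device(dev: UpsDevice) -> list[str]:
    """Return the checklist items the device fails, in a fixed order."""
    findings = []
    if (dev.username, dev.password) in DEFAULT_CREDENTIALS:
        findings.append("factory default credentials still in use")
    if is_internet_reachable(dev.mgmt_ip):
        findings.append("management interface reachable from the Internet")
        if not dev.behind_vpn:
            findings.append("Internet-facing interface not behind a VPN")
        if not dev.mfa_enabled:
            findings.append("Internet-facing interface without MFA")
    if len(dev.password) < MIN_PASSPHRASE_LENGTH:
        findings.append(f"passphrase shorter than {MIN_PASSPHRASE_LENGTH} characters")
    if dev.lockout_threshold <= 0:
        findings.append("login lockout disabled")
    return findings


def audit_inventory(devices) -> dict[str, list[str]]:
    """Map each device name to its findings; an empty list means compliant."""
    return {dev.name: audit_device(dev) for dev in devices}


# Constructed sample inventory: one exposed device on defaults, one hardened.
SAMPLE_INVENTORY = [
    UpsDevice("ups-serverroom-1", "203.0.113.10", "admin", "admin",
              behind_vpn=False, mfa_enabled=False, lockout_threshold=0),
    UpsDevice("ups-datacenter-2", "10.50.7.21", "ups-ops",
              "correct-horse-battery-staple-9",
              behind_vpn=True, mfa_enabled=True, lockout_threshold=5),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

The findings are ordered the way the advisory lists the controls, so the first item for an exposed device is always the credential check. The reachability test is a static one over the recorded management address; it tells you which devices to look at first, not whether a firewall in front of them actually blocks inbound traffic, which still has to be verified on the network.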

Besides default credentials, threat actors can also use critical security vulnerabilities to enable remote takeovers of uninterruptible power supply (UPS) devices and allow them to burn them out or disable power remotely.

For instance, a set of critical zero-day vulnerabilities tracked as TLStorm, exploitable remotely by unauthenticated attackers without user interaction, is known to impact SmartConnect and Smart-UPS devices from APC, a subsidiary of Schneider Electric.