[Tech-l] FW: Shields Up Update: UPS devices

Thor Sage sage at mveca.org
Wed Mar 30 10:07:59 EDT 2022


Good morning!
Sharing the below security advisory from CISA regarding network connected UPS units.
Thanks,
Thor


Thor Sage
Executive Director
Miami Valley Educational Computer Association
937-767-1468  x3101
Not-for-profit Technology Services for Education and Local Governments



From: Ohio-K12 DoNotReply <donotreply at ohio-k12.help>
Date: Wednesday, March 30, 2022 at 8:39 AM
To: Scott Gaughan <scott.gaughan at managementcouncil.org>, Melissa Balbaugh <melissa.balbaugh at managementcouncil.org>, Christine Daugherty <christine.daugherty at managementcouncil.org>
Subject: Shields Up Update: UPS devices


Ohio Cybersecurity Partners,



The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptible power supply (UPS) devices, often through unchanged default usernames and passwords. In a CISA and DOE Insights (https://go.usa.gov/xzHeY), organizations are provided with recommended actions to mitigate attacks against UPS devices.



Organizations should immediately enumerate all UPSs and similar systems and ensure they are not accessible from the internet. In the rare situation where a UPS or similar system’s management interface must be accessible from the internet, these devices should have compensating controls, such as ensuring the device or system is behind a virtual private network, enforcing multifactor authentication, and applying strong, long passwords.



CISA and DOE recommend all organizations—regardless of size—review this joint Insights, apply recommended actions, and overall adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.



In addition to reviewing this joint Insights, CISA encourages critical infrastructure executives and senior leaders to review our "Shields Up" webpage at cisa.gov/shields-up <http://www.cisa.gov/shields-up>. Also, organizations should report incidents and unusual activity to CISA 24/7 Operations Center at report at cisa.gov or (888) 282-0870.



________________________________________

Very respectfully,

Terin D. Williams

Cybersecurity Advisor, Region 5 (OH)

Cybersecurity and Infrastructure Security Agency

614.314.7793 | terin.williams at cisa.dhs.gov




Learn more about #EachChildOurFuture, Ohio’s plan to ensure each child is challenged, prepared and empowered.



This message is intended for Academy of Educational Excellence (013195)
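
The enumeration step in the advisory above can be run as an inventory audit. The following is an added example, not part of the forwarded message or any CISA tooling: it reads a constructed asset list and flags UPS management interfaces that still use default credentials or that sit outside internal address space without the compensating controls the advisory names. The CSV columns, device names, addresses, the RFC 1918-only definition of "internal" and the 15-character password threshold are all assumptions.

```python
import csv
import io
import ipaddress

# Assumption: only RFC 1918 space counts as internal; adjust for your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PASSWORD_LENGTH = 15  # assumed local policy; the advisory gives no number

# Constructed sample inventory; names, addresses and columns are hypothetical.
SAMPLE_INVENTORY = """\
name,mgmt_ip,behind_vpn,mfa,default_creds_changed,password_length
ups-mdf-1,10.20.0.15,no,no,yes,20
ups-idf-2,192.168.4.9,no,no,no,5
ups-dc-1,203.0.113.10,yes,yes,yes,24
ups-annex,203.0.113.44,no,no,no,8
"""


def is_internal(address):
    """True when the management address falls inside an internal range."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in INTERNAL_NETS)


def audit(inventory_csv):
    """Return {device name: [findings]} for devices needing attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        if row["default_creds_changed"] != "yes":
            issues.append("default credentials unchanged")
        if not is_internal(row["mgmt_ip"]):
            # Exposure itself is a finding; then check each compensating control.
            issues.append("externally addressable: confirm exposure is required")
            if row["behind_vpn"] != "yes":
                issues.append("exposed without VPN")
            if row["mfa"] != "yes":
                issues.append("exposed without MFA")
            if int(row["password_length"]) < MIN_PASSWORD_LENGTH:
                issues.append("exposed with short password")
        if issues:
            findings[row["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {'; '.join(issues)}")
```

An internal address is not proof of isolation: a NAT port forward can still publish the interface, so pair this with a review of firewall and forwarding rules.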

