美国网络安全暨基础设施安全局(CISA)指出UPS成为骇客攻击目标:
官网: https://tinyurl.com/bdzu74ak
CISA and the Department of Energy (DOE) are aware of threat actors gaining
access to a variety of internet-connected uninterruptable power supply (UPS)
devices, often through unchanged default usernames and passwords.
Organizations can mitigate attacks against their UPS devices, which provide
emergency power in a variety of applications when normal power sources are
lost, by removing management interfaces from the internet.
CISA发布的声明中指出,攻击者通常会透过未变更的默认使用者名称及密码,来获得不同
连网 UPS 的存取权限。所以我们最好能先将默认密码改成强固密码或较复杂密码,至少
可以获得基本的安全保障。再者,我们可以透过将管理接口从互联网上移除,便能有效
减缓连网 UPS 被攻击的可能性。