US CISA and the DoE issue an insight about a threat to UPS devices

The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy issue an insight concerning possible threats to internet-connected uninterruptible power supply (UPS) devices through unchanged default usernames and passwords. The insight recommends the following: (1) ensure that UPSs and similar systems are not accessible from the internet. If this is not the case, then to ensure the device or system is behind a VPN, enforce multi-factor authentication and use strong passwords following NIST guidelines, (2) update your UPS username/password so that it no longer matches the default. And (3) ensure that credentials for all UPSs and similar systems adhere to strong password requirements and adopt login timeout/lockout features