Cybersecurity Threats in Construction: Protecting Your Company from Brute-Force Attacks
Construction companies are increasingly becoming prime targets for hackers employing brute-force attacks. Recent findings from cybersecurity researchers at Huntress reveal alarming trends in which these cybercriminals infiltrate network systems to execute unauthorized commands remotely. The primary focus of these attacks appears to be on Foundation, a software widely used in the construction industry for accounting and project management.
Understanding Foundation Software’s Vulnerabilities
Foundation software is essential for managing various aspects of construction operations, including:
- Financial management
- Job costing
- Payroll processing
- Reporting and compliance
Additionally, this software features a mobile app, but proper functionality requires a Microsoft SQL Server (MSSQL) to be configured to allow public access via TCP port 4243. Unfortunately, many users do not change the default passwords on the two admin accounts associated with this server, creating an easy entry point for hackers.
The Scope of the Attacks
Cybercriminals seem to have identified this vulnerability, leading to a surge in brute-force attacks targeting numerous organizations within the construction sector. In an extraordinary observation, Huntress recorded an astonishing 35,000 login attempts on a single server within just one hour. These attacks primarily affect businesses operating in plumbing, HVAC, concrete, and similar trades.
Consequences of a Breach
Once hackers gain access to the systems, they aim to activate features that facilitate command execution on the operating system. Some of the commands identified during these attacks include:
- Retrieving network configuration details
- Gathering information about hardware
- Accessing operating system and user account details
According to Huntress, they have found 500 hosts operating Foundation software, with 33 of these exposing MSSQL databases with default admin credentials to public access. Although Huntress informed Foundation about these security loopholes, the company maintains that the issue is limited to on-premises instances. As a result, it emphasizes that users must take responsibility for securing their systems.
Enhancing Your Security Posture
Foundation has pointed out that not all servers have the same ports open, and not everyone uses standard default credentials. Therefore, it’s crucial for construction firms to actively monitor their network security. Here are some recommendations to bolster your security posture:
- Change default passwords immediately after installation
- Limit public access to critical servers
- Implement regular security audits
- Educate employees on cybersecurity best practices
Conclusion
As the construction industry continues to adopt digital solutions like Foundation software, the importance of cybersecurity cannot be overstated. With hackers keenly targeting construction firms, it is imperative to stay vigilant and proactive in securing your networks. By following best practices and ensuring that all security measures are in place, you can protect your organization from falling victim to malicious attacks.
For the latest updates in cybersecurity that affect your business, sign up for our newsletter to stay informed and prepared.