Malicious Actors Target Construction Through Software Infiltration - Velox Systems



Malicious actors are targeting the construction industry through software infiltration. The attackers are breaking into FOUNDATION accounting software, a common accounting tool in use by many contractors. The first signs of this malicious activity were observed by Huntress on September 14, 2024. The cybersecurity firm notes 35,000 brute-force login attempts before a successful login attempt. Targets of the emerging threat include plumbing, HVAC (heating, ventilation, and air conditioning), concrete, and other related industries. Huntress notes that:

“Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials”.

 

The process malicious actors use to gain entrance

How do these malicious actors gain entrance? Huntress comments that the FOUNDATION server has two high-privileged accounts, which are often left with unchanged default credentials. As a consequence, malicious actors “brute-force” the server and leverage the xp_cmdshell configuration option. This allows them to run arbitrary shell commands and scripts as if they had access right from the system command prompt. Of the 500 hosts running the FOUNDATION software across the endpoints protected by the company, 33 have been found to be publicly accessible with default credentials.
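A detection sketch for the sequence described above, added here as an example and not taken from Huntress or FOUNDATION: it scans SQL Server ERRORLOG-style text for a successful login that follows a run of failures on the same account, and for xp_cmdshell being switched on. It assumes the database behind the application is Microsoft SQL Server with auditing of both failed and successful logins enabled; the account names, addresses, log lines and the threshold of 5 are constructed for illustration.

```python
import re
from collections import defaultdict

TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+\S+\s+"  # timestamp, source column
LOGIN_RE = re.compile(TS + r"Login (?P<result>failed|succeeded) for user "
                      r"'(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]")
XP_RE = re.compile(TS + r"Configuration option 'xp_cmdshell' changed from 0 to 1")

def analyze(log_text, threshold=5):
    """Flag a successful login that follows >= threshold failures on the same
    account, and any event that switches xp_cmdshell on."""
    failures = defaultdict(int)  # counted per account, so many source IPs still add up
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m and m["result"] == "failed":
            failures[m["user"]] += 1
        elif m:
            if failures[m["user"]] >= threshold:
                findings.append(("bruteforce_then_success", m["ts"], m["user"],
                                 m["client"], failures[m["user"]]))
            failures[m["user"]] = 0  # a success ends the failure streak
        else:
            x = XP_RE.match(line)
            if x:
                findings.append(("xp_cmdshell_enabled", x["ts"]))
    return findings

def build_sample():
    """Constructed log text: made-up accounts, documentation-range addresses."""
    bad = "Reason: Password did not match that for the login provided."
    ok = "Connection made using SQL Server authentication."
    def login(sec, result, user, detail, client):
        return (f"2025-01-15 02:11:{sec:02d}.10 Logon       Login {result} "
                f"for user '{user}'. {detail} [CLIENT: {client}]")
    # Two mistyped passwords, then success: below the threshold, no finding.
    lines = [login(0, "failed", "office_user", bad, "192.0.2.10"),
             login(1, "failed", "office_user", bad, "192.0.2.10"),
             login(2, "succeeded", "office_user", ok, "192.0.2.10")]
    # Eight failures against a privileged account, then a success.
    lines += [login(10 + i, "failed", "default_admin", bad, "203.0.113.7") for i in range(8)]
    lines.append(login(30, "succeeded", "default_admin", ok, "203.0.113.7"))
    lines.append("2025-01-15 02:12:05.40 spid55      Configuration option "
                 "'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.")
    return "\n".join(lines)

if __name__ == "__main__":
    print(*analyze(build_sample()), sep="\n")
```

A real deployment would tune the threshold and time window to its own login volume and forward the findings to whatever alerting is already in place.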

 

How to prevent malicious actors from infiltrating

Attacks like this one on the construction sector carry dire consequences, both financial and reputational. To reduce the risk of a similar attack on your organization, the recommendation is to rotate default account credentials. The organization should also stop exposing the application over the public internet and disable the xp_cmdshell option where appropriate. Here at Velox Systems, we have a wealth of experience in helping safeguard construction firms. We stay up to date on cybersecurity pitfalls that are specific to this industry and can work with your team to bolster your defenses against attacks like these. Take a look today.