Construction Industry Under Siege: Brute Force Attacks Target Foundation Accounting Software
Cybercriminals are intensifying efforts to breach corporate networks of construction firms by targeting exposed Foundation accounting servers. This particular software, extensively used within the construction industry, has become a prime target for hackers due to weak security measures on privileged accounts.
Attack Overview
- Researchers from Huntress detected malicious activity on Foundation accounting software servers starting on September 14, 2024.
- Attackers are brute-forcing passwords on accounts with highly privileged access to exposed servers, specifically targeting plumbing, HVAC, concrete, and other construction sub-industries.
Open Ports and Weak Passwords
- The Microsoft SQL Server (MSSQL) used by Foundation is publicly exposed via TCP port 4243 to support a companion mobile app.
- Two default admin accounts, 'sa' and 'dba', are frequently targeted. Servers with default or weak passwords on these accounts are vulnerable to hijacking.
Aggressive Brute-Force Attacks
- Some servers experienced up to 35,000 brute force attempts per hour, overwhelming defenses and eventually cracking passwords.
- Once inside, attackers activate the xp_cmdshell feature, allowing them to run system commands like ‘ipconfig’ and ‘wmic’, collecting network and system data.
Widespread Impact
- Huntress monitored three million endpoints and identified 500 hosts running the vulnerable software, of which 33 publicly exposed MSSQL databases with default credentials.
- While the cloud-based version of Foundation remains secure, the on-premise variant has been the primary target of these attacks.
Defensive Measures
- Foundation Software has acknowledged the issue and recommended steps to mitigate the risks, advising users to rotate credentials and close unnecessary public ports.
- Huntress further recommends not exposing MSSQL servers unless necessary and to disable default accounts or enforce stronger password policies.
This attack serves as a stark reminder that strong password practices and secure configurations are critical in preventing breaches. Net Protector Cyber Security offers advanced solutions to safeguard organizations against such threats by hardening security and monitoring for brute force attempts across vulnerable systems.
Comment(s)
Categories
- Other (42)
- Ransomware (128)
- Events and News (26)
- Features (45)
- Security (433)
- Tips (79)
- Google (22)
- Achievements (9)
- Products (33)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (195)
- Cyber Attack (221)
- Data Backup (11)
- Data Breach (80)
- Phishing (139)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (56)
- Knoweldgebase (38)
- Botnet (15)
- Updates (3)
- Alert (71)
- Hacking (57)
- Social Media (7)
- vulnerability (54)
- Hacker (31)
- Spyware (8)
- Windows (6)
- Microsoft (21)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (3)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (5)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (5)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (8)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (7)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (2)
Recent Posts
Archive
Tags
cyber attack
phishing
data breach
ransomware
ransomeware
android malware
financial security
cyber security
malware
phishing attack
cyber threats
data stealing
phishing attacks
cyber threat
lockbit
india
data theft
ddos
financial fraud
cybercrime
cert-in
twitter
network security
phishing email
microsoft
critical vulnerability
trojan
cryptojacking
scam
phishing scam
play store
clop
email security
email phishing
vulnerability
cyber fraud
net protector total security
server security
malicious apps
winrar
data security
microsoft team
android apps
pakistan-backed hacker
cyberattack
cybercriminals
data backup
cyber attacks
organisation
ddos attack