Construction Industry Under Siege: Brute Force Attacks Target Foundation Accounting Software
Cybercriminals are intensifying efforts to breach corporate networks of construction firms by targeting exposed Foundation accounting servers. This particular software, extensively used within the construction industry, has become a prime target for hackers due to weak security measures on privileged accounts.
Attack Overview
- Researchers from Huntress detected malicious activity on Foundation accounting software servers starting on September 14, 2024.
- Attackers are brute-forcing passwords on accounts with highly privileged access to exposed servers, specifically targeting plumbing, HVAC, concrete, and other construction sub-industries.
Open Ports and Weak Passwords
- The Microsoft SQL Server (MSSQL) used by Foundation is publicly exposed via TCP port 4243 to support a companion mobile app.
- Two default admin accounts, 'sa' and 'dba', are frequently targeted. Servers with default or weak passwords on these accounts are vulnerable to hijacking.
Aggressive Brute-Force Attacks
- Some servers experienced up to 35,000 brute force attempts per hour, overwhelming defenses and eventually cracking passwords.
- Once inside, attackers activate the xp_cmdshell feature, allowing them to run system commands like ‘ipconfig’ and ‘wmic’, collecting network and system data.
Widespread Impact
- Huntress monitored three million endpoints and identified 500 hosts running the vulnerable software, of which 33 publicly exposed MSSQL databases with default credentials.
- While the cloud-based version of Foundation remains secure, the on-premise variant has been the primary target of these attacks.
Defensive Measures
- Foundation Software has acknowledged the issue and recommended steps to mitigate the risks, advising users to rotate credentials and close unnecessary public ports.
- Huntress further recommends not exposing MSSQL servers unless necessary and to disable default accounts or enforce stronger password policies.
This attack serves as a stark reminder that strong password practices and secure configurations are critical in preventing breaches. Net Protector Cyber Security offers advanced solutions to safeguard organizations against such threats by hardening security and monitoring for brute force attempts across vulnerable systems.
Comment(s)
Categories
- Other (42)
- Ransomware (115)
- Events and News (25)
- Features (44)
- Security (412)
- Tips (79)
- Google (22)
- Achievements (6)
- Products (30)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (171)
- Cyber Attack (208)
- Data Backup (11)
- Data Breach (67)
- Phishing (129)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (52)
- Knoweldgebase (37)
- Botnet (15)
- Updates (3)
- Alert (68)
- Hacking (54)
- Social Media (7)
- vulnerability (48)
- Hacker (30)
- Spyware (8)
- Windows (5)
- Microsoft (20)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (2)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (4)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (4)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (6)
- Offers (5)
- Gaming (1)
- FireFox (1)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (2)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (1)
Recent Posts
Archive
Tags
phishing
cyber attack
ransomeware
ransomware
data breach
android malware
data stealing
ddos
phishing email
twitter
india
microsoft
cert-in
malware
whatsapp
clop
email phishing
pakistani hackers
critical vulnerability
december cyber attacks
independence day
occasion
telegram
trojan
ddos attack
fedex
scam
cybercrime
winrar
cyber security
lockbit
play store
organisation
clop gang
microsoft team
clop gang extorting
user data leak
pakistan-backed hacker
hacking
malicious apps
android apps
cyber attack in india
android
cert
pune
cryptojacking
google play store
data backup
canon
facebook