Construction companies potentially vulnerable through accounting software, report says

Omega Balla
Unidentified hackers have targeted companies in the construction industry through accounting software known as Foundation, researchers said Tuesday.

Unidentified hackers have targeted companies in the construction industry through accounting software known as Foundation, researchers said Tuesday.

The attackers go looking for installations of Foundation that are publicly accessible on the internet, then try combinations of default usernames and passwords that can allow for administrative access, according to cybersecurity firm Huntress

The platform’s Ohio-based developer, Foundation Software, did not respond by publication time on Tuesday to a request for comment from Recorded Future News.

Huntress said it has seen active intrusions through the software among companies in the plumbing, concrete and heating, ventilation, and air conditioning (HVAC) industries. The researchers didn’t mention how successful the attacks were or what their goal was.

The researchers said they first discovered the malicious activity targeting Foundation last week. On one host, the researchers observed nearly 35,000 brute-force login attempts against the Microsoft SQL Server (MSSQL) used by the company to handle its database operations.

Normally, such databases are kept private and secured behind a firewall or virtual private network (VPN), but Foundation “features connectivity and access by a mobile app,” researchers said. This means that a certain TCP port — used to manage and distinguish network traffic on a computer — might be made available to the public, giving direct access to the MSSQL database. 

In many cases, Foundation users kept the default, easy-to-guess passwords to protect high-privilege database accounts, according to the report.  Researchers said they discovered 500 hosts running the Foundation software, and nearly 33 of them were publicly exposed with unchanged default credentials.

“In addition to notifying those where we saw suspicious activity, we also sent out a precautionary advisory notification to any of our customers and partners who have the FOUNDATION software in their environment,” Huntress said.

IndustryCybercrimeNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

AT&T to pay $13 million FCC settlement for 2023 data breach

Next Post

Marko Polo cybercrime gang targets cryptocurrency users, influencers with scams

Related Posts

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based
Omega Balla
Read More