Accountancy Software Cyberattack hits US Construction Firms
Cyberattacks have struck the US construction industry, targeting a widely-used accounting software solution. The attacks exploit vulnerabilities in older versions of Foundation Software, a product serving 43,000 construction professionals across the country.
Huntress, a US cybersecurity firm, uncovered what it terms an "emerging threat" affecting users of Foundation Software. The company monitors over 3 million endpoints for its clients and identified approximately 500 hosts running the Foundation software.
Huntress reports that plumbing, heating, ventilation and air conditioning (HVAC), concrete and other subcontractors have been impacted by the cyberattacks. These businesses form a crucial part of the construction supply chain, providing specialised services to larger contractors and developers.
The cybersecurity firm describes the hack as a "brute force" attack. This method involves perpetrators using an automated trial-and-error engine to guess credentials or other sensitive information.
John Hammond, Principal Security Researcher at Huntress, says: "The affected companies were using default credentials at the time of the intrusion. These are usernames and passwords that come with the software on purchase and are supposed to be changed on installation."
Construction cyberattack reveals major vulnerability
The use of default passwords is a significant cybersecurity issue, according to the US Cybersecurity and Infrastructure Agency. The agency has been urging organisations to reset these passwords to protect against potential breaches.
Huntress says it has seen more than 35,000 brute force login attempts on a single impacted host. The company confirms that a sample of 33 hosts were publicly exposed with unchanged default credentials.
Foundation Software says affected users are those using legacy software physically installed on premises, rather than via Foundation's hosted environment. The company is urging impacted firms to adopt hosted software instead of on-premise installations.
To protect against the threat, Huntress advises contractors using Foundation Software to change their credentials, including passwords.
Hammond adds: "Even though the intrusions occurred, there was no compromise or malicious activity on those computers. However, the potential for harm remains if the vulnerability is not addressed."
-------
Construction Digital is a BizClik brand