Hackers are targeting construction companies with brute force attacks, breaking into their networks and executing different commands remotely, according to cybersecurity researchers Huntress, who recently observed the attacks live.
According to researchers, cybercriminals are targeting Foundation, a software used by construction companies for accounting and project management. It helps manage finances, job costs, payrolls and reporting, and offers tools to track expenses, manage contracts and comply with industry regulations.
This software also has an accompanying mobile app, and for it to work properly, a Microsoft SQL Server (MSSQL) instance needs to be configured to be publicly accessible via TCP port 4243. This server has two administrator accounts, and in many cases, users never changed the default passwords.
Execution commands
Cybercriminals appear to have picked up on this information and have targeted dozens of organizations with brute force attacks in an attempt to gain access to these accounts. In fact, Huntress detected 35,000 attempts on a single host in one hour. Researchers claimed to have seen “active breaches” at organizations working in plumbing, HVAC, concrete, and the like.
After gaining access, attackers attempt to enable features that allow them to execute commands on the operating system. Some of the commands observed by researchers were aimed at retrieving network configuration details and extracting information about hardware, the operating system, and user accounts.
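The two signals described above, a burst of failed logins against the administrator accounts followed by a successful login from the same source, can be picked out of the SQL Server error log. The following is an added example written for this article, not code from Huntress or from Foundation; it assumes the standard shape of SQL Server ERRORLOG logon entries, and the sample lines, IP addresses, timestamps and threshold values are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the shape of SQL Server ERRORLOG logon entries.
# The timestamps, the documentation-range IP addresses and the 'sa' login
# are made up for this example; they are not from the Huntress report.
SAMPLE_ERRORLOG = """\
2024-09-17 10:00:00.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-17 10:00:00.25 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-17 10:00:00.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-17 10:00:00.57 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-17 10:00:00.73 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-17 10:00:00.89 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-17 10:03:12.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.2]
2024-09-17 10:05:40.02 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
"""

# Matches the logon lines SQL Server writes to ERRORLOG: timestamp, the
# "Logon" source column, the outcome, the login name and the client address.
LOGON_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']+)'.*"
    r"\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_logon_events(text):
    """Turn ERRORLOG text into (timestamp, client, user, result) tuples."""
    events = []
    for line in text.splitlines():
        m = LOGON_RE.match(line)
        if not m:
            continue  # non-logon lines (startup, backups, ...) are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        events.append((ts, m["client"], m["user"], m["result"]))
    return events


def detect_password_guessing(text, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window detector for the pattern the article describes.

    Returns (flagged, compromised):
      flagged     -> {client: (user, failures in window when first flagged)}
      compromised -> [(client, user)] for successes from an already-flagged client
    The threshold and window are assumptions chosen for the example; tune them
    to the normal failure rate of the instance being monitored.
    """
    failures = defaultdict(deque)  # client -> timestamps of recent failures
    flagged = {}
    compromised = []
    for ts, client, user, result in sorted(parse_logon_events(text)):
        q = failures[client]
        if result == "failed":
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and client not in flagged:
                flagged[client] = (user, len(q))
        elif client in flagged:
            # A success from a source already flagged for guessing is the
            # outcome the article describes: the default password was found.
            compromised.append((client, user))
    return flagged, compromised


if __name__ == "__main__":
    flagged, compromised = detect_password_guessing(SAMPLE_ERRORLOG)
    for client, (user, n) in flagged.items():
        print(f"password guessing from {client} against '{user}' ({n} failures in window)")
    for client, user in compromised:
        print(f"ALERT: successful login for '{user}' from flagged source {client}")
```

Run against a real ERRORLOG (or the output of `xp_readerrorlog`), the same two functions apply unchanged; the per-client deque keeps memory bounded even at the 35,000-attempts-per-hour rate Huntress observed, because old failures are discarded as the window slides.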
Huntress says that out of all the endpoints it defends, 500 hosts were detected running Foundation, 33 of which had publicly exposed MSSQL databases with default administrator credentials. The researchers notified the company of their findings, but Foundation said the issue only affects local instances. In other words, users of the software should be the ones to take care of their security posture. The company stressed that not all servers have the same port open, and not all have the same default credentials.