Hackers Target Default Passwords in FOUNDATION Software to Breach Construction Companies

The cybersecurity landscape is increasingly jeopardized by hackers targeting the construction industry, specifically through unauthorized access to FOUNDATION Accounting Software, putting many businesses at risk.

Short Summary:

  • Cybercriminals exploit default passwords in FOUNDATION software, targeting construction firms.
  • Over 35,000 brute-force login attempts were recorded on single hosts, affecting multiple contractors in plumbing, HVAC, and concrete sectors.
  • Huntress advises immediate steps for businesses to secure their systems against these vulnerabilities.

The construction industry is under siege as hackers utilize brute-force techniques to access FOUNDATION Accounting Software, which is widely employed for payroll, job costing, and various financial management tasks. A recent report from the cybersecurity firm Huntress has highlighted the alarming rise of these attacks since September 14, 2024, particularly targeting small to mid-sized contractors who have left default credentials unchanged.

According to Huntress, the compromised organizations include firms operating in plumbing, HVAC (heating, ventilation, and air conditioning), concrete, and other construction-related sub-industries. The vulnerability appears to lie within the design of the FOUNDATION software, which utilizes a Microsoft SQL Server (MSSQL) configuration, allowing external access through TCP port 4243. This accessibility, while beneficial for mobile applications, inadvertently opens the door to unauthorized users.

“Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials,” stated a representative from Huntress.

Through this vulnerability, attackers can exploit two high-privilege default accounts, “sa” (system administrator) and “dba” (database administrator), often left unchanged by users. It’s striking that of the 500 hosts analyzed by Huntress running the FOUNDATION software, 33 were found to be publicly accessible with these unchanged credentials.

The cybersecurity firm reported that in a notable incident, hackers executed approximately 35,000 login attempts on one host alone. The attackers employed advanced scripting, automating their efforts across multiple businesses, which indicates a sophisticated approach to their hacking endeavors.

Huntress described the MSSQL feature that makes this access so dangerous: “This is an extended stored procedure that allows the execution of OS commands directly from SQL, enabling users to run shell commands and scripts as if they had access rights right from the system command prompt.”

Once inside the system, these cybercriminals have the potential to execute commands that can expose critical business information. Reports indicate that they can access sensitive data, including network configurations and employee details, thus posing severe risks to the business and its clients.

In light of these findings, Huntress strongly urges organizations using the FOUNDATION software to act swiftly. They recommend the following security measures:

  • Change Default Passwords: Rotate all default passwords for administrative accounts immediately, adopting strong, unique passwords that are resistant to brute force attacks.
  • Limit Server Exposure: Regularly review the system configurations to ensure the MSSQL server isn’t unnecessarily exposed to the internet. If external access is required, it should be secured with robust firewall protections and real-time monitoring systems.
  • Conduct Regular Security Audits: Schedule frequent assessments of your IT infrastructure to ensure that unnecessary ports are closed and that all security protocols are upheld.
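As an added example (not code from Huntress or Foundation Software), the monitoring recommended above can start with the SQL Server error log: the sketch below counts failed logins for the “sa” and “dba” accounts per client and flags any successful login to them from outside a trusted range. The trusted network, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

WATCHED = {"sa", "dba"}                  # default accounts named in the article
TRUSTED = [ip_network("10.20.0.0/16")]   # assumed internal range; replace with yours
THRESHOLD = 20                           # assumed failures-per-client cutoff

# Matches SQL Server ERRORLOG logon entries for failed and successful logins.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]")

def is_trusted(client):
    """Local connections and addresses inside TRUSTED are not alerted on."""
    if client == "<local machine>":
        return True
    try:
        addr = ip_address(client)
    except ValueError:
        return False                     # unparseable client: treat as untrusted
    return any(addr in net for net in TRUSTED)

def analyze(lines, threshold=THRESHOLD):
    """Return (alerts, failure counts) for watched accounts from untrusted clients."""
    failed, alerts = Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m or m["user"].lower() not in WATCHED:
            continue
        client, user = m["client"].strip(), m["user"].lower()
        if is_trusted(client):
            continue
        if m["result"] == "failed":
            failed[client] += 1
            if failed[client] == threshold:   # alert once per client
                alerts.append(("brute-force", client, user, m["ts"]))
        else:                                 # any success from outside is urgent
            alerts.append(("untrusted-login", client, user, m["ts"]))
    return alerts, failed

def sample_log():
    """Constructed ERRORLOG-style lines (not real incident data)."""
    fail = ("2024-09-14 02:10:{:02d}.00 Logon       Login failed for user 'sa'. Reason: "
            "Password did not match that for the login provided. [CLIENT: 203.0.113.7]")
    ok = ("2024-09-14 02:11:05.00 Logon       Login succeeded for user '{}'. "
          "Connection made using SQL Server authentication. [CLIENT: {}]")
    good = [("sa", "203.0.113.7"), ("dba", "10.20.3.4"),
            ("dba", "<local machine>"), ("payroll", "198.51.100.9")]
    return [fail.format(i) for i in range(25)] + [ok.format(u, c) for u, c in good]
```

SQL Server records only failed logins by default, so the “untrusted-login” alert depends on login auditing being set to record successful logins as well.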

The construction sector has seen significant growth recently, especially in cities like Atlanta. However, this expansion brings an equally heightened risk of cyber threats. Hackers are focusing on vulnerabilities that exist within the infrastructure of businesses, especially those that rely on specialized software like FOUNDATION.

“Candidly, it takes just one command to log in, and just two more to do real damage,” stated John Hammond, principal security researcher at Huntress.

This sentiment underlines the urgency for contractors to reevaluate their cybersecurity strategies. Foundation Software claims to serve over 43,000 construction professionals nationwide, reinforcing the reach and potential impact of these breaches.

Although the incidents reported by Huntress predominantly involved businesses running on-premises software, Foundation’s CEO, Mike Ode, emphasized the importance of switching to a hosted solution. “If you buy software and install it at your place, you are responsible for security and the walls and the perimeter, right?” Ode remarked, urging clients to utilize their Software-as-a-Service (SaaS) environment to mitigate risks effectively.

Interestingly, the U.S. Cybersecurity and Infrastructure Agency has been vocal about the vulnerabilities linked to default passwords, consistently advising organizations to reset them. Huntress’s report, indicating that many breaches were tied to organizations neglecting to change their default login information, underscores the necessity for immediate corrective actions.

In summary, as the threat of cyberattacks looms larger, businesses operating within the construction industry must take proactive steps to secure their networks against these threats. The consequences of ignoring these vulnerabilities can not only impact financial data but can also destroy trust with clients and disrupt overall operations. Cybersecurity may not seem like a primary focus for construction professionals, but it has become critical in today’s digital landscape.

For any construction firm utilizing the Foundation accounting software, it’s crucial now more than ever to ensure that systems are securely configured and regularly updated. Regular audits, robust security measures, and proactive management of digital credentials can significantly bolster defenses against potential cyber threats.

Finally, businesses should consider professional assessments to ensure resilience against these emerging threats. Huntress is currently offering complimentary cybersecurity assessments for construction companies in the Metro area, encouraging every firm to take action before it’s too late.
