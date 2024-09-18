Application security, Threat Intelligence, Patch/Configuration Management

Accounting software targeted to breach construction sector

Share
Construction of the San Joaquin River Viaduct in July 5, 2017, in Fresno, Calif. (Photo by California High-Speed Rail Authority via Getty Images)
(Photo by California High-Speed Rail Authority via Getty Images)

Organizations in the HVAC, plumbing, concrete, and other sub-industries of the construction sector have been targeted through brute-force attacks against internet-exposed instances of the Foundation accounting software last week, reports The Record, a news site by cybersecurity firm Recorded Future.

Almost 35,000 brute-force attempts have been conducted by threat actors against a single host's Microsoft SQL Server leveraged by the accounting software for database operations, according to researchers from Huntress. Researchers also noted the risk of compromise being further exacerbated by the prevalence of weak passwords in the implementations of the software, with 33 of the almost 500 hosts with Foundation software having default credentials. While Foundation has yet to respond to the reported intrusions, Huntress has already warned entities subjected to suspicious activity. "...[W]e also sent out a precautionary advisory notification to any of our customers and partners who have the FOUNDATION software in their environment," Huntress added.

Related

Vulnerable API, bot attack losses on the rise

Automated API exploitation, which comprised 30% of all API attacks, was two to three times higher among organizations with revenues exceeding $1 billion, with the elevated likelihood of abuse attributed to the presence of more exposed or insecure APIs within their ecosystems.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.