Skip to main content
Special FeatureTips & GuidesHeightsGlobal Insights

Hackers Target Construction Firms Through Vulnerable Accounting Software

By October 18, 2024#!31Fri, 25 Oct 2024 13:03:46 +0800+08:004631#31Fri, 25 Oct 2024 13:03:46 +0800+08:00-1Asia/Kuala_Lumpur3131Asia/Kuala_Lumpurx31 25pm31pm-31Fri, 25 Oct 2024 13:03:46 +0800+08:001Asia/Kuala_Lumpur3131Asia/Kuala_Lumpurx312024Fri, 25 Oct 2024 13:03:46 +08000310310pmFriday=986#!31Fri, 25 Oct 2024 13:03:46 +0800+08:00Asia/Kuala_Lumpur10#October 25th, 2024#!31Fri, 25 Oct 2024 13:03:46 +0800+08:004631#/31Fri, 25 Oct 2024 13:03:46 +0800+08:00-1Asia/Kuala_Lumpur3131Asia/Kuala_Lumpurx31#!31Fri, 25 Oct 2024 13:03:46 +0800+08:00Asia/Kuala_Lumpur10#No Comments
Hackers Target Construction Firms Through Vulnerable Accounting Software

Cybersecurity researchers have warned about a growing threat targeting construction firms, specifically those using Foundation Accounting Software. This specialised software, widely used across sub-industries like plumbing, HVAC, and concrete, has been exposed to large-scale cyberattacks. Hackers are gaining unauthorised access to corporate networks by exploiting publicly exposed servers and weak account credentials.

A critical issue is that the Foundation software uses a Microsoft SQL Server (MSSQL) for its database operations, accessible via TCP port 4243 to support its mobile app. Unfortunately, this exposure leaves the database vulnerable to brute-force attacks, especially when users have not changed the default passwords for high-privilege accounts like “sa” and “dba”. These administrator accounts grant hackers full access, allowing them to execute dangerous commands through the xp extension feature within MSSQL.

Recent research revealed that attackers made up to 35,000 brute-force attempts to access a single system, eventually exploiting the default credentials. Once inside, hackers could run malicious commands, steal data, or perform further reconnaissance within the compromised network.

This presents a significant risk for companies relying on Foundation software. Despite the noisy nature of brute-force attempts, many companies fail to detect these attacks early enough. To protect against this growing threat, cybersecurity experts recommend immediately changing passwords, limiting the database’s public exposure, and disabling xp extension where necessary.

Although Foundation Accounting Software is mainly used in North America, the cybersecurity risks discussed here are relevant globally, including in Malaysia. Malaysian construction firms using similar software solutions for accounting and project management must proactively secure their systems to prevent similar breaches.

Stay tuned for Part 2, where we look into how construction firms can strengthen their defences against these cyberattacks and safeguard sensitive data.