A recent alert from Maryland-based cybersecurity firm Huntress highlights a concerning vulnerability for construction companies using on-premise accounting and project management software with default login credentials. According to their report last month, a brute-force attack targeted users of a major construction accounting software vendor, exposing sensitive data due to default usernames and passwords being left unchanged.
The primary targets were subcontractors in sectors such as plumbing, HVAC, and concrete, industries that typically depend on legacy systems and may not have robust cybersecurity measures in place. This incident serves as a critical reminder for all businesses, especially those in industries like construction that rely on specialized software, to ensure they have appropriate protections in place and to prioritize basic cybersecurity to reduce their operational risk.
Understanding the Threat
A brute force attack is a hacking method that uses trial and error to guess login credentials. It is a simple yet highly effective method to gain unauthorized access. Huntress discovered about 500 hosts running the targeted software from the 3 million-plus endpoints it monitors for its clients. From that pool of 500, Huntress confirmed that a sample of 33 hosts were exposed to the internet with unchanged default credentials. Default credentials are usernames and passwords that come with the software that you purchase and are supposed to be changed upon installation. On one impacted host, Huntress observed more than 35,000 brute force login attempts. This incident highlights the determination of the threat actors involved and how a combination of brute force and misconfigured security settings can lead to system compromise.
The Importance of Proper Configuration and Maintenance
In this case, the affected clients were primarily those still using older, on-premises versions of the software rather than the hosted cloud environment. The breach occurred because these clients had failed to change the default usernames and passwords supplied with the software, creating an easy entry point for attackers. These types of vulnerabilities could result in significant data breaches or further malicious activities, exposing organizations to operational and reputational risk that can be easily avoided by practicing proper cyber hygiene: removing default credentials, limiting public exposure, and disabling risky features.
Why Default Credentials Are a Major Risk
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has long warned against the dangers of using default credentials, calling it a significant cybersecurity issue. These credentials are easily accessible to hackers, who can use them to gain unauthorized access to sensitive systems and data.
Proactive Measures to Protect Your Business
As construction companies increasingly rely on digital technology, their digital networks become more complex, creating potential vulnerabilities that cybercriminals can exploit before security measures are in place. It is important to master basic cybersecurity to minimize the operational risk to organizations. The ripple effect of cyberattacks isn’t confined to a single construction firm. These attacks can spill over into corporate partnerships, affecting clients and colleagues when cybercriminals target other firms using interconnected systems.
Incidents of brute force attacks underscore the importance of adopting a proactive cybersecurity approach, particularly for businesses using specialized software in industries like construction. The following measures are recommended to mitigate such risks:
- Change Default Credentials Immediately: Ensure that all default usernames and passwords are changed upon installation of any software.
- Regularly Review Security Settings of Your Software: Periodic assessments of your system security settings can identify vulnerabilities and help you stay ahead of potential threats.
- Implement Multi-Factor Authentication (MFA): Adding an extra layer of security, such as MFA, can prevent unauthorized access even if credentials are compromised.
- Monitor Login Activity: Set up alerts and regularly monitor for brute-force attempts or suspicious login activity on critical systems.
- Regularly Update Software: Keep software and systems up to date with the latest patches and updates to protect against known vulnerabilities.
- Employee Training and Awareness: Educate staff about required cybersecurity best practices, including the importance of safeguarding login credentials and emerging threats within your industry.
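The "Monitor Login Activity" measure can be made concrete with a small detector. The following is an added example, not code from Huntress, Withum, or the software vendor: it scans a constructed authentication log in a hypothetical `timestamp result user source_ip` format, flags any source that produces a burst of failed logins, and flags successful logins that follow such a burst or that use a default account name. The account names, threshold, and window are assumptions to adapt to your own software and logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Placeholder names (assumption): use the default accounts your vendor documents.
DEFAULT_ACCOUNTS = {"admin", "administrator"}

# Constructed sample log, hypothetical format: timestamp result user source_ip
SAMPLE_LOG = """\
2024-09-17T02:00:01 FAIL admin 203.0.113.7
2024-09-17T02:00:02 FAIL admin 203.0.113.7
2024-09-17T02:00:03 FAIL admin 203.0.113.7
2024-09-17T02:00:04 FAIL admin 203.0.113.7
2024-09-17T02:00:05 FAIL admin 203.0.113.7
2024-09-17T02:00:06 OK admin 203.0.113.7
2024-09-17T08:15:10 FAIL jsmith 198.51.100.20
2024-09-17T08:15:25 OK jsmith 198.51.100.20
2024-09-17T09:30:00 OK administrator 192.0.2.15
"""

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (alert_type, source_ip, user) tuples in log order."""
    failures = defaultdict(deque)   # source_ip -> timestamps of recent failures
    flagged = set()                 # source IPs that crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                # skip blank or malformed lines
        ts, result, user, ip = datetime.fromisoformat(parts[0]), *parts[1:]
        if result == "FAIL":
            recent = failures[ip]
            recent.append(ts)
            while ts - recent[0] > window:      # slide the window forward
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, user))
        elif result == "OK":
            if ip in flagged:                   # success from a flagged source
                alerts.append(("LOGIN_AFTER_BRUTE_FORCE", ip, user))
            elif user.lower() in DEFAULT_ACCOUNTS:
                alerts.append(("DEFAULT_ACCOUNT_LOGIN", ip, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

A successful login from a source that was just flagged is the alert to escalate first, since it suggests the guessing worked; a single mistyped password followed by a success, as in the `jsmith` lines, raises nothing.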
How We Can Help
At Withum, our Cyber and Information Security Services Team is led by experienced professionals and equipped to assist businesses in fortifying their cybersecurity posture. We offer comprehensive services ranging from vulnerability assessments and penetration testing to risk assessments, policy development and staff training. Our goal is to help you identify and address security gaps before they can be exploited. This brute force attack incident is just one example of how a minor oversight can lead to significant vulnerabilities. By taking proactive steps and partnering with a trusted cybersecurity advisor, you can better protect your business and its critical assets.
Authors: Jason Spezzano, Executive Cybersecurity Advisor; Louis Sandor III, CPA, CCIFP, Partner and Practice Leader, Construction Services; and Donald Foster