Threat Actors Target Contractor Software

Threat actors have been targeting Foundation accounting software commonly used by general contractors in the construction industry, leveraging active exploits within the plumbing, HVAC, and concrete sub-industries, among others.

Researchers at Huntress initially discovered the threat when tracking activity on Sept. 14. “What tipped us off was host/domain enumeration commands spawning from a parent process of sqlservr.exe,” the researchers wrote in their advisory.

The application includes a Microsoft SQL Server (MSSQL) instance that handles its database operations. According to the researchers, while it’s common to keep database servers on an internal network or behind a firewall, Foundation software contains features that allow access through a mobile app. Because of this, “the TCP port 4243 may be exposed publicly for use by the mobile app. This 4243 port offers direct access to MSSQL.”

In tandem, Microsoft SQL Server has a default system admin account, known as “sa,” which has full administrative privileges over the entire server. With such high privileges, these accounts can enable users to run shell commands and scripts.

The threat actors targeting the application have been observed brute-forcing the application at scale as well as using default credentials to gain access to victim accounts. In addition, threat actors appear to be using scripts to automate their attacks.

It’s recommended that organizations rotate their credentials associated with Foundation software and keep installations disconnected from the Internet to prevent falling victim to these attacks.
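The parent-process signal the Huntress researchers describe can be turned into a simple triage rule over process-creation telemetry. The sketch below is an added example, not code from Huntress or Foundation; it assumes events with Sysmon Event ID 1 field names, and the sample events, host names and list of enumeration tools are constructed.

```python
import ntpath
from collections import Counter

# Assumption: binaries treated as host/domain enumeration. The article does not
# list the commands observed, so tune this set for your environment.
ENUM_TOOLS = {"ipconfig.exe", "whoami.exe", "net.exe", "net1.exe",
              "nltest.exe", "systeminfo.exe", "hostname.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
SQL = r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe"
SYS32 = "C:\\Windows\\System32\\"

# Constructed sample events using Sysmon Event ID 1 field names (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "ACCT-SRV01", "ParentImage": SQL, "Image": SYS32 + "cmd.exe",
     "CommandLine": "cmd.exe /c ipconfig /all"},
    {"Computer": "ACCT-SRV01", "ParentImage": SQL, "Image": SYS32 + "cmd.exe",
     "CommandLine": 'cmd.exe /c net group "Domain Admins" /domain'},
    {"Computer": "ACCT-SRV01", "ParentImage": SQL, "Image": SYS32 + "cmd.exe",
     "CommandLine": "cmd.exe /c dir C:\\Backups"},
    {"Computer": "ACCT-SRV01", "ParentImage": SYS32 + "services.exe", "Image": SQL,
     "CommandLine": "sqlservr.exe -sMSSQLSERVER"},
    {"Computer": "WKSTN-07", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": SYS32 + "cmd.exe", "CommandLine": "cmd.exe /c ipconfig"},
]

def exe_name(token):
    """Normalise a path or bare command word to a lowercase 'name.exe'."""
    name = ntpath.basename(token.strip('"')).lower()
    return name if name.endswith(".exe") else name + ".exe"

def classify(event):
    """Return 'enumeration', 'shell', 'other', or None if the parent is not SQL Server."""
    if exe_name(event["ParentImage"]) != "sqlservr.exe":
        return None
    # Check the child image and every command-line word, so a tool launched
    # through a shell wrapper (cmd.exe /c <tool>) is still recognised.
    words = {exe_name(event["Image"])} | {exe_name(t) for t in event["CommandLine"].split()}
    if words & ENUM_TOOLS:
        return "enumeration"
    return "shell" if exe_name(event["Image"]) in SHELLS else "other"

def triage(events):
    """Count flagged process creations per (host, label)."""
    return Counter((e["Computer"], classify(e)) for e in events if classify(e))

if __name__ == "__main__":
    for (host, label), n in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {n} x {label} child process of sqlservr.exe")
```

The same ipconfig command launched from explorer.exe on the workstation is not flagged, because the rule keys on the database engine being the parent rather than on the command alone.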