Threat actors have been targeting Foundation accounting software, which is commonly used by general contractors in the construction industry, with active exploitation observed in the plumbing, HVAC, and concrete sub-industries, among others.

Researchers at Huntress initially discovered the threat when tracking activity on Sept. 14. “What tipped us off was host/domain enumeration commands spawning from a parent process of sqlservr.exe,” the researchers wrote in their advisory.

The application includes a Microsoft SQL Server (MSSQL) instance that handles its database operations. According to the researchers, while it’s common to keep database servers on an internal network or behind a firewall, Foundation software contains features that allow access through a mobile app. Because of this, “the TCP port 4243 may be exposed publicly for use by the mobile app. This 4243 port offers direct access to MSSQL.”

In tandem, Microsoft SQL Server has a default system admin account, known as “sa,” which has full administrative privileges over the entire server. With such high privileges, these accounts can enable users to run shell commands and scripts.

The threat actors targeting the application have been observed brute-forcing the application at scale as well as using default credentials to gain access to victim accounts. In addition, threat actors appear to be using scripts to automate their attacks.

It’s recommended that organizations rotate the credentials associated with Foundation software and keep installations disconnected from the Internet to prevent falling victim to these attacks.
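The parent-process signal Huntress describes can be checked against process-creation logs. The Python below is an added example, not code from Huntress or Foundation: it flags shells and enumeration tools whose parent is sqlservr.exe. The Sysmon-style field names, the list of enumeration tools, the file paths, and the sample events are all assumptions constructed for illustration.

```python
import json
import re
from pathlib import PureWindowsPath

# Assumption: common built-in Windows enumeration tools. The article does not
# list the exact commands Huntress observed.
ENUM_TOOLS = {"whoami", "ipconfig", "net", "net1", "nltest", "systeminfo", "hostname"}
SHELLS = {"cmd", "powershell", "pwsh"}

def stem(path):
    """Lower-cased executable name without directory, quotes or extension."""
    return PureWindowsPath((path or "").strip('"')).stem.lower()

def classify(event):
    """Return 'high', 'medium' or None for one process-creation event."""
    if stem(event.get("ParentImage")) != "sqlservr":
        return None  # only children of the SQL Server process are of interest
    child = stem(event.get("Image"))
    # A shell launched by SQL Server carries the real command in its command
    # line, so look for enumeration tools there as well as in the child image.
    words = {stem(w) for w in re.split(r"[\s&|;]+", event.get("CommandLine") or "")}
    if child in ENUM_TOOLS or (child in SHELLS and words & ENUM_TOOLS):
        return "high"
    return "medium" if child in SHELLS else None

def scan(lines):
    """Return (severity, host, command line) for each suspicious JSON event."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON log lines
        if isinstance(event, dict) and (severity := classify(event)):
            hits.append((severity, event.get("Computer", "?"), event.get("CommandLine")))
    return hits

SQL = r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe"  # constructed path
CMD = r"C:\Windows\System32\cmd.exe"
# Constructed sample events using Sysmon-style field names; not from the advisory.
SAMPLE = [json.dumps(e) for e in (
    {"Computer": "ACCT01", "ParentImage": SQL, "Image": CMD, "CommandLine": f'"{CMD}" /c ipconfig /all'},
    {"Computer": "ACCT01", "ParentImage": SQL, "Image": CMD, "CommandLine": "cmd.exe /c dir"},
    {"Computer": "ACCT01", "ParentImage": SQL, "Image": r"C:\Windows\System32\whoami.exe", "CommandLine": "whoami"},
    {"Computer": "WKS07", "ParentImage": r"C:\Windows\explorer.exe", "Image": CMD, "CommandLine": "cmd.exe /c whoami"},
)] + ['{"Computer": "ACCT01", "ParentImage": "C:\\\\Prog']  # truncated line

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep=" | ")
```

Any shell spawned by sqlservr.exe is rated at least medium because a database engine rarely has a reason to start one; the enumeration match only raises the severity.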
Threat Actors Target Contractor Software