Threat Actors Target Accounting Software Used by Construction Contractors


September 18, 2024 at 11:14AM

Huntress warns of cyberattacks targeting Foundation Accounting Software, widely used in construction. Threat actors are brute forcing the application and exploiting default credentials, compromising organizations in various sub-industries. The attackers target MSSQL accounts, execute OS commands, and automate attacks. Only 33 publicly exposed hosts running the software with unchanged default credentials have been identified. Organizations are advised to rotate credentials, disconnect installations from the internet, and disable the exploited procedure.

Key takeaways:
– Cybersecurity firm Huntress has raised an alarm about a series of cyberattacks targeting Foundation Accounting Software, commonly used by contractors in the construction industry.
– Threat actors have been observed brute forcing the application at scale and using default credentials to gain access to victim accounts since September 14.
– Multiple organizations in plumbing, HVAC, concrete, and other sub-industries have been compromised via Foundation software instances exposed to the internet.
– The attacks target a default system administrator account in the Microsoft SQL Server (MSSQL) instance within the Foundation software, with full administrative privileges.
– Attackers also create a second account with high privileges, left with default credentials, enabling them to execute OS commands directly from SQL.
– The threat actors appear to be using scripts to automate their attacks, as evidenced by executing the same commands on machines pertaining to several unrelated organizations within a few minutes.
– It has been identified that only 33 publicly exposed hosts running the Foundation software have unchanged default credentials.
– Huntress advises organizations to rotate all credentials associated with their Foundation software instances, keep their installations disconnected from the internet, and disable the exploited procedure where appropriate.
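The checks an administrator can run against the MSSQL instance to act on this advice, as an added example that is not taken from the Huntress report. It assumes the exploited procedure is `xp_cmdshell`, SQL Server's built-in procedure for running OS commands from SQL (the summary above does not name it), and that you connect with a sysadmin login.

```sql
-- Added example: audit and hardening checks for a SQL Server instance.
-- Assumption: the "exploited procedure" is xp_cmdshell (not named on this page).

-- 1. SQL logins with full administrative (sysadmin) rights, and when each
--    password was last set. An enabled admin login whose password date
--    matches the install date has probably never been rotated.
SELECT name,
       is_disabled,
       is_policy_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE IS_SRVROLEMEMBER(N'sysadmin', name) = 1;

-- 2. Is OS command execution from SQL currently enabled? (1 = enabled)
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 3. Recent failed logins in the current error log. A burst of failures
--    against an administrative login from one address indicates brute forcing.
EXEC sp_readerrorlog 0, 1, N'Login failed';

-- 4. Disable xp_cmdshell. Confirm first that nothing in the application
--    depends on it (the advisory says "where appropriate").
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```

Rotating the credentials themselves is done per login with `ALTER LOGIN ... WITH PASSWORD`, and removing the instance from the internet is a firewall change outside SQL Server.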
