TotalCare IT Press Releases

Critical Security Advisory for Idaho IT Administrators and Security Analysts in the Construction Industry

Written by Chelsea Zimmerman | Sep 24, 2024 4:17:39 PM

Construction Companies Vulnerable Through Foundation Accounting Software

Hackers have been exploiting vulnerabilities in Foundation, an accounting software package widely used in the construction industry, targeting sectors such as plumbing, concrete, and HVAC. Recent findings by Huntress researchers have highlighted a significant risk for companies using the on-premise version of Foundation software, which could leave crucial data exposed to malicious attacks.

Key Security Threats Identified

Researchers have detected brute-force attacks on publicly exposed Microsoft SQL Server (MSSQL) databases linked to Foundation. The vulnerability stems from the use of default administrative credentials, which has allowed hackers to gain unauthorized access to sensitive systems.

On one host, Huntress documented nearly 35,000 brute-force login attempts against the MSSQL database. This is particularly alarming because Foundation software supports access through a mobile app, which can leave certain TCP ports exposed to the public and potentially provide direct access to company databases.

Security Recommendations for Idaho Companies

Even if your Idaho construction company doesn’t use Foundation accounting software, the security vulnerabilities highlighted in this report are relevant. To safeguard your organization against growing threats, IT administrators and security analysts should immediately take the following steps:

  1. Review Default Software Configurations: Ensure that all business-critical software, including accounting platforms like Foundation, is properly configured. Default usernames and passwords must be changed to strong, unique credentials.

  2. Strengthen Brute-Force Detection: Enhance monitoring and detection mechanisms for unusual login attempts, particularly for publicly exposed MSSQL databases. Prioritize systems that are accessible via mobile apps or other external platforms.

  3. Implement Proper Network Segmentation: Place sensitive systems behind secure firewalls or virtual private networks (VPNs). Eliminate unnecessary public exposure of TCP ports to minimize access points for hackers.

  4. Proactive Vendor Engagement: Work closely with your software providers to implement recommended security updates and best practices. Stay informed about any security patches or advisories from vendors like Foundation to ensure your environment remains protected.
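As an illustration of step 2, the following added example (not code from Huntress, Foundation Software, or TotalCare IT) scans SQL Server ERRORLOG "Logon" lines for bursts of failed logins from one client address and for a successful login that follows such a burst. It assumes SQL Server login auditing is set to record both failed and successful logins; the threshold, the window, and the sample log lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Logon" lines SQL Server writes to its ERRORLOG when login auditing is on.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return alerts: bursts of failures per client, and any success that follows one."""
    recent = defaultdict(deque)   # client -> timestamps of failures inside the window
    flagged = set()               # clients that already crossed the threshold
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # "Error: 18456" header lines and other noise
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client, user = m["client"], m["user"]
        if m["result"] == "failed":
            q = recent[client]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()       # drop failures that fell out of the window
            if len(q) >= threshold and client not in flagged:
                flagged.add(client)
                alerts.append(("BRUTE_FORCE", client, user, ts))
        elif client in flagged:
            # A success from a source that was just guessing passwords is the
            # highest-priority event: treat the account as compromised.
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", client, user, ts))
    return alerts

# Constructed sample log (documentation IP range and made-up logins, not report data).
SAMPLE = [
    f"2024-09-17 03:12:{s:02d}.41 Logon       Login failed for user 'sa'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.50]"
    for s in range(0, 12, 2)
] + [
    "2024-09-17 03:12:10.41 Logon       Error: 18456, Severity: 14, State: 8.",
    "2024-09-17 03:12:30.02 Logon       Login failed for user 'acct'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 10.0.4.17]",
    "2024-09-17 03:12:44.77 Logon       Login succeeded for user 'sa'. "
    "Connection made using SQL Server authentication. [CLIENT: 203.0.113.50]",
]
```

Calling `detect_bruteforce(SAMPLE)` returns one alert for the burst and one for the later successful login from the same address; the single failed login from the internal address raises nothing.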

Foundation Software's Response

In response to the report, Foundation Software, the Ohio-based developer of the platform, emphasized that this security incident affects only a small subset of on-premise users who did not follow recommended security practices, such as updating default credentials. The majority of users, operating under the cloud-based Software-as-a-Service (SaaS) model, are unaffected.

Foundation is actively working with Huntress to clarify some details of the report and has been providing technical support to its affected users to mitigate risks.

Conclusion

As cybersecurity threats evolve, it is critical for construction companies in Idaho to remain vigilant. By following best practices and actively engaging with software vendors, IT administrators and security analysts can help prevent breaches, ensuring that sensitive company and client data remains secure. The proactive implementation of these recommendations can significantly reduce the risk of attacks on your organization's accounting and operational systems.

For further information and support on protecting your business from security vulnerabilities, please contact TotalCare IT.