September 18, 2024

Warning: Cybersecurity Firm Detects Attack on Construction Accounting System



Article Summary

TLDR:

– Cybersecurity firm Huntress discovered a threat to users of Foundation Software in the construction industry.

– Default credentials were used by affected companies, leaving them vulnerable to attack.

Ellicott City, Maryland-based cybersecurity firm Huntress identified a cybersecurity threat to users of Foundation Software, a system serving 43,000 construction professionals nationwide. The threat involved a “brute force” attack that actively impacted plumbing, HVAC, concrete, and similar subcontractors. The attack relied on default credentials that were not changed when the software was installed. About 500 hosts running the Foundation software were affected, and 33 hosts were publicly exposed with unchanged default credentials.

Foundation Software responded by stating that affected users were limited to those using legacy software physically installed at their companies, rather than the hosted software-as-a-service offering. Users of the software were urged to change their credentials to protect themselves from potential breaches. The U.S. Cybersecurity and Infrastructure Agency highlighted the use of default passwords as a major cybersecurity issue and recommended that organizations reset them.

Microsoft SQL, which Foundation Software uses, featured two high-privilege administrative accounts with default credentials that attackers could exploit. Huntress advised limiting access to SQL servers where it is not needed, changing default passwords, and restricting the functionality of unnecessary components.
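For defenders who want to check their own servers for the pattern described above, the following added example (not from Huntress or Foundation Software) scans SQL Server error-log lines for bursts of failed logins against a privileged account and notes whether a successful login followed from the same client. The watched login `sa` (SQL Server's built-in administrator login), the threshold and the time window are assumptions, since the article does not name the two accounts, and the log lines are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in SQL Server ERRORLOG format (documentation IPs, not real data).
SAMPLE_LOG = """\
2024-09-14 03:12:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-14 03:12:02.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-14 03:12:03.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-14 03:12:04.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-14 03:12:05.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-14 03:12:06.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-14 03:12:07.10 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2024-09-14 09:00:10.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2024-09-14 09:00:25.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2024-09-14 09:00:40.00 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 198.51.100.20]
2024-09-14 09:05:00.00 Logon       Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<ip>[^\]]+)\]")

def find_bruteforce(log_text, watched=("sa",), threshold=5,
                    window=timedelta(minutes=1)):
    """Flag (client, login) pairs with >= threshold failures inside window.

    Assumes lines are in chronological order. 'success_after' is True when
    the same client later logs in successfully with the same login.
    """
    recent = defaultdict(deque)   # (ip, user) -> failure times still in window
    alerts = {}                   # (ip, user) -> summary dict
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["user"].lower() not in watched:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["ip"], m["user"].lower())
        if m["result"] == "failed":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(key, {"failures": 0, "success_after": False})
                a["failures"] = max(a["failures"], len(q))
        elif key in alerts:                # success following a flagged burst
            alerts[key]["success_after"] = True
    return alerts
```

SQL Server writes the "Login succeeded" lines only when login auditing is set to record both failed and successful logins, so with the failed-only setting `success_after` will always be False.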

