Organizations in the HVAC, plumbing, concrete, and other sub-industries of the construction sector were targeted last week through brute-force attacks against internet-exposed instances of the Foundation accounting software, reports The Record, a news site by cybersecurity firm Recorded Future.
Threat actors made almost 35,000 brute-force attempts against the Microsoft SQL Server on a single host, which the accounting software uses for database operations, according to researchers from Huntress. The researchers also noted that the risk of compromise is further exacerbated by the prevalence of weak passwords in implementations of the software, with 33 of the almost 500 hosts running Foundation software having default credentials. While Foundation has yet to respond to the reported intrusions, Huntress has already warned entities subjected to suspicious activity. "...[W]e also sent out a precautionary advisory notification to any of our customers and partners who have the FOUNDATION software in their environment," Huntress added.