In today’s increasingly connected world, cybersecurity remains a top concern for industries of all kinds, and construction is no exception. A recent cybersecurity investigation by Huntress, a Maryland-based firm specializing in digital threats, has revealed a pressing vulnerability for construction companies using Foundation Software. Serving over 43,000 professionals in the industry, Foundation Software is widely adopted by subcontractors in plumbing, HVAC, concrete, and other essential trades. However, Huntress reports that failure to update default login credentials has left several firms exposed to potential cyberattacks, underscoring the importance of vigilance in maintaining digital security.
A Critical Weakness
In a September 17 report, Huntress confirmed that hackers utilized brute force tactics—an automated method of guessing passwords—to target businesses still operating with factory-set credentials. This kind of attack can be particularly dangerous when systems are left unattended, highlighting how even basic cybersecurity oversights can lead to severe vulnerabilities. Out of over 3 million monitored endpoints, 500 systems using Foundation Software were flagged, and 33 of those were found vulnerable, with one system enduring more than 35,000 unauthorized login attempts.
These incidents serve as a reminder of how crucial it is for companies to regularly review their security practices, no matter the size or scope of their operations. When it comes to cybersecurity, even small gaps can lead to significant risks, especially in industries as complex as construction.
SaaS Offers a Safer Solution
In response to the findings, Foundation Software acknowledged the issue but emphasized that only companies using outdated, on-premise versions of their platform were affected. According to CEO Mike Ode, most of the company’s customers have transitioned to a secure, cloud-based software-as-a-service (SaaS) solution, where cybersecurity risks are mitigated through built-in protective measures.
“Security begins with the basics, like changing default passwords. For companies that have adopted our cloud-hosted platform, these vulnerabilities are automatically reduced,” Ode stated. He further encouraged users still relying on legacy systems to make the switch, offering enhanced protection under the company’s SaaS infrastructure. This move not only strengthens their defense against attacks but also provides an added layer of convenience and reliability.
Although the report suggested multiple companies might be affected, Ode hinted that the true scope of the breach may be limited to a single client, though an exact figure remains unclear. That said, it’s critical for companies to take proactive measures rather than waiting for a security breach to occur. Staying ahead of these threats ensures smoother operations and prevents unnecessary disruptions.
Cybersecurity Risks in Construction
The construction industry, often focused on physical projects, is increasingly reliant on digital platforms to manage accounting, payroll, and project tracking. This shift underscores the need for robust cybersecurity practices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has long advocated for the immediate reset of default credentials, noting that the use of factory settings leaves organizations wide open to exploitation.
John Hammond, a principal security researcher at Huntress, emphasized the ease with which hackers could break into vulnerable systems. “These are not complex attacks. Once hackers locate an on-premise Foundation server with default credentials, gaining access to sensitive data is as simple as inputting a password,” Hammond explained. In many cases, hackers don’t need highly sophisticated tools to exploit these weaknesses—just the opportunity provided by outdated security practices.
For construction firms, such breaches could mean exposure to a wealth of critical information, from financial data to internal project files, placing not only individual companies but entire networks at risk. As the industry becomes more digital, the repercussions of cyberattacks grow larger, potentially affecting not just finances but reputations and business relationships.
Proactive Protection Measures
To avoid falling prey to these types of attacks, Hammond advised companies to immediately update passwords and restrict access to Microsoft SQL servers unless absolutely necessary. It’s a simple step that can go a long way in safeguarding critical data and systems.
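As a companion check to the advice above, the following added example (not code from Huntress or Foundation Software) scans SQL Server error-log entries for the password-guessing pattern described in the report: many failed logins from one client, optionally followed by a success. The login names, IP addresses, the threshold of 5 and the sample log are constructed for illustration; successful logins only appear in the log when login auditing is configured to record them.

```python
import re
from collections import defaultdict

# Matches the message part of SQL Server ERRORLOG login entries.
LOGIN_RE = re.compile(
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_guessing(lines, threshold=5):
    """Return {client: stats} for every client with >= threshold failed logins.
    The threshold is an assumed starting point, not a vendor recommendation."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "success_after": False})
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # "Error: 18456" header lines and unrelated entries
        s = stats[m["client"]]
        if m["result"] == "failed":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= threshold:
            # A success after a burst of failures: a guess probably worked.
            s["success_after"] = True
    return {c: s for c, s in stats.items() if s["failures"] >= threshold}

def _entry(sec, text):
    return f"2024-09-17 02:14:{sec:02d}.00 Logon       {text}"

# Constructed sample log (documentation IP ranges, made-up login names).
FAIL = ("Login failed for user '{u}'. Reason: Password did not match that "
        "for the login provided. [CLIENT: {ip}]")
OK = ("Login succeeded for user '{u}'. Connection made using SQL Server "
      "authentication. [CLIENT: {ip}]")
SAMPLE = []
for i in range(6):  # burst of failures from one external address
    SAMPLE.append(_entry(i, "Error: 18456, Severity: 14, State: 8."))
    SAMPLE.append(_entry(i, FAIL.format(u="example_admin", ip="203.0.113.50")))
SAMPLE.append(_entry(7, OK.format(u="example_admin", ip="203.0.113.50")))
# A single mistyped password followed by a normal login stays below the threshold.
SAMPLE.append(_entry(8, FAIL.format(u="payroll_user", ip="192.0.2.10")))
SAMPLE.append(_entry(9, OK.format(u="payroll_user", ip="192.0.2.10")))

if __name__ == "__main__":
    for client, s in find_guessing(SAMPLE).items():
        flag = "SUCCESS AFTER FAILURES" if s["success_after"] else "failures only"
        print(f"{client}: {s['failures']} failed, users={sorted(s['users'])} ({flag})")
```

A client flagged with a success after the failures is the case to investigate first, since it suggests a guessed or unchanged password was accepted.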
“Construction firms should treat their digital infrastructure with the same level of care they would for a job site’s physical security. You wouldn’t leave the front door wide open, and you shouldn’t leave your digital systems exposed either,” Hammond stated. In today’s environment, maintaining cybersecurity is not just an IT issue—it’s a company-wide responsibility. From executives to field workers, everyone plays a role in ensuring that the organization’s digital and physical assets are protected.
In an industry increasingly dependent on software solutions, maintaining cybersecurity protocols is no longer optional. Companies that invest in these safeguards will protect not only their financial data but also their broader operational integrity. A secure system enables construction firms to focus on what they do best—delivering projects on time and within budget—without the fear of digital disruptions.