All Insights

All Insights

All Insights

Emerging Cybersecurity Threat Targets Construction Accounting Systems

Emerging Cybersecurity Threat Targets Construction Accounting Systems

Emerging Cybersecurity Threat Targets Construction Accounting Systems

Katelyn Fuchs

Katelyn Fuchs

Katelyn Fuchs

9/23/24

9/23/24

9/23/24

In today’s increasingly connected world, cybersecurity remains a top concern for industries of all kinds, and construction is no exception. A recent cybersecurity investigation by Huntress, a Maryland-based firm specializing in digital threats, has revealed a pressing vulnerability for construction companies using Foundation Software. Serving over 43,000 professionals in the industry, Foundation Software is widely adopted by subcontractors in plumbing, HVAC, concrete, and other essential trades. However, Huntress reports that failure to update default login credentials has left several firms exposed to potential cyberattacks, underscoring the importance of vigilance in maintaining digital security.

A Critical Weakness

In a September 17 report, Huntress confirmed that hackers utilized brute force tactics—an automated method of guessing passwords—to target businesses still operating with factory-set credentials. This kind of attack can be particularly dangerous when systems are left unattended, highlighting how even basic cybersecurity oversights can lead to severe vulnerabilities. Out of over 3 million monitored endpoints, 500 systems using Foundation Software were flagged, and 33 of those were found vulnerable, with one system enduring more than 35,000 unauthorized login attempts.

These incidents serve as a reminder of how crucial it is for companies to regularly review their security practices, no matter the size or scope of their operations. When it comes to cybersecurity, even small gaps can lead to significant risks, especially in industries as complex as construction.

SaaS Offers a Safer Solution

In response to the findings, Foundation Software acknowledged the issue but emphasized that only companies using outdated, on-premise versions of their platform were affected. According to CEO Mike Ode, most of the company’s customers have transitioned to a secure, cloud-based software-as-a-service (SaaS) solution, where cybersecurity risks are mitigated through built-in protective measures.

“Security begins with the basics, like changing default passwords. For companies that have adopted our cloud-hosted platform, these vulnerabilities are automatically reduced,” Ode stated. He further encouraged users still relying on legacy systems to make the switch, offering enhanced protection under the company’s SaaS infrastructure. This move not only strengthens their defense against attacks but also provides an added layer of convenience and reliability.

Although the report suggested multiple companies might be affected, Ode hinted that the true scope of the breach may be limited to a single client, though an exact figure remains unclear. That said, it’s critical for companies to take proactive measures rather than waiting for a security breach to occur. Staying ahead of these threats ensures smoother operations and prevents unnecessary disruptions.

Cybersecurity Risks in Construction

The construction industry, often focused on physical projects, is increasingly reliant on digital platforms to manage accounting, payroll, and project tracking. This shift underscores the need for robust cybersecurity practices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has long advocated for the immediate reset of default credentials, noting that the use of factory settings leaves organizations wide open to exploitation.

John Hammond, a principal security researcher at Huntress, emphasized the ease with which hackers could break into vulnerable systems. “These are not complex attacks. Once hackers locate an on-premise Foundation server with default credentials, gaining access to sensitive data is as simple as inputting a password,” Hammond explained. In many cases, hackers don’t need highly sophisticated tools to exploit these weaknesses—just the opportunity provided by outdated security practices.

For construction firms, such breaches could mean exposure to a wealth of critical information, from financial data to internal project files, placing not only individual companies but entire networks at risk. As the industry becomes more digital, the repercussions of cyberattacks grow larger, potentially affecting not just finances but reputations and business relationships.

Proactive Protection Measures

To avoid falling prey to these types of attacks, Hammond advised companies to immediately update passwords and restrict access to Microsoft SQL servers unless absolutely necessary. It’s a simple step that can go a long way in safeguarding critical data and systems.

“Construction firms should treat their digital infrastructure with the same level of care they would for a job site’s physical security. You wouldn’t leave the front door wide open, and you shouldn’t leave your digital systems exposed either,” Hammond stated. In today’s environment, maintaining cybersecurity is not just an IT issue—it’s a company-wide responsibility. From executives to field workers, everyone plays a role in ensuring that the organization’s digital and physical assets are protected.

In an industry increasingly dependent on software solutions, maintaining cybersecurity protocols is no longer optional. Companies that invest in these safeguards will protect not only their financial data but also their broader operational integrity. A secure system enables construction firms to focus on what they do best—delivering projects on time and within budget—without the fear of digital disruptions.

Sources: www.constructiondive.com, www.agc.org, www.enr.com, www.bls.gov, www.yahoo.com/news, www.thedefensepost.com

Talk with a Construction Industry Veteran
Talk with a Construction Industry Veteran
Jeff Hall
President & CEO
Jeff Hall
President & CEO

Online

Online

Get in Touch

Get in Touch

Featured Projects

Irvine Spectrum Center

Marion Knott Studios

Cicerone Field at Anteater Ballpark

Finding Nemo Submarine Voyage

Palm Springs Convention Center

Sacramento Downtown Commons

University of Colorado Boulder

Rio Hondo College

Los Angeles Valley College

East Los Angeles Community College

University of California Irvine

California State University Fullerton

California State University Dominguez Hills

University of California Riverside

Cal State University Long Beach

Liberty Regional Medical Center

HCA Florida Lawnwood Hospital

Palmdale Regional Medical Center

Providence Healthcare Network

Providence Little Company of Mary Medical Center

Parham Doctor's Hospital

University of California Irvine Medical Center

Huntington Memorial Hospital

Walter and Leonore Annenberg Pavilion

Loma Linda Health Campus

The Fort Sutter Hotel Sacramento

The Ritz Carlton - Rancho Mirage

Mohegan Sun Casino and Resort

Kimpton Sawyer Hotel

Disney's Grand Californian Hotel & Spa

The Ritz Carlton - Lake Tahoe

The Grand Del Mar

Mondrian South Beach

Omni Scottsdale Resort & Spa at Montelucia

Sketchers Distribution Center

John Wayne Airport Security Expansion

Fairway Business Park

Northrup-Grumman Space Simulation Facility

Southwest Justice Center

RAND Corporate Headquarters

Nissan North America Headquarters

Pepeekeo Power Plant

Affordable Housing Initiative

King Abdullah Economic City

4th West Apartments

Dublin Station by Windsor

Lido Villas

Battery Lofts Residential

Duet Apartments - Opus 31

Duet Apartments - Opus 29

Bellevue West Luxury Apartments

Flushing Town Center

The Bravern Signature Residences

75 Wall Street

All Projects

12/16/24

Rethinking Modern Plumbing Fixtures: A Blueprint for Innovation

12/13/24

The Art of Reinvention: How Visionary Leadership Revitalizes Platforms

12/12/24

Building Momentum: Insights into Workforce Dynamics in Construction

12/11/24

Construction Industry in 2025: Key Trends and Opportunities

12/10/24

The Skilled Trades Talent Gap: Impacts on the Construction Industry

12/9/24

Navigating Construction’s Growing Challenges: Labor and Material Constraints

12/4/24

Rethinking Risk: The Hidden Pitfalls of Misaligned Metrics

12/3/24

Building the Foundations of Tomorrow: How Innovation is Redefining an Industry

12/2/24

Rewriting the Blueprint: How Sustainability Shapes Modern Construction Contracts

11/27/24

Building the Blueprint for Tomorrow’s Workforce

11/26/24

Reimagining the Construction Landscape: October 2024’s Milestones and Market Shifts

11/25/24

Building Momentum: Unveiling Los Angeles County’s Economic Catalysts

11/20/24

Weighing Progress Against Preservation: Housing Development Near Santa Barbara Mission

11/19/24

Labor Shortages and Strategic Shifts: Redefining Success in Construction

11/18/24

California’s $78 Billion Infrastructure Boom: Opportunities and Strategies for Industry Leaders

11/15/24

Navigating Potential Shifts in Construction Input Costs Amid Policy Changes

11/12/24

Industry Perspectives After the 2024 Election: Key Takeaways for Construction Professionals

11/11/24

California’s $10 Billion Education Revitalization: Building for the Future

11/8/24

2025: A Year of Transformation and Opportunity for Construction Firms

11/4/24

Construction Job Market Faces Seasonal Challenges Amid Storm Impacts

11/4/24

Navigating Uncertainty: How the 2024 Election Is Shaping Construction Decisions

11/4/24

Clayco Begins Construction on Landmark $300M Kali Hotel in Inglewood

11/4/24

Beyond the Ballot: How Society, Not Politics, Shapes Our Future

10/28/24

OCVibe Project: Anaheim Approves Housing Expansion, Reduces Office Space

10/21/24

Lumber Price Swings: What Developers and Owners Should Know About Construction Costs

10/28/24

Rethinking Homebuilding: How 3D Printing is Shaping the Future for Developers

10/21/24

Navigating Industrial Growth and Rural Preservation in Mead Valley

10/21/24

Electrifying the Future: How Commercial Construction Is Powering Up Sustainability

10/21/24

Interest Rate Reductions Ignite Growth in Construction Backlog

10/14/24

Hurricane Helene Unleashes Widespread Destruction, Months-Long Recovery Ahead

10/14/24

Balfour Beatty and Versarien Pioneer 3D-Printing Solutions for Civil Construction

10/14/24

Surf Parks Industry: Shaping the Future of Wave Riding in 2024

10/9/24

Disaster Relief and the Construction Industry’s Role in Rebuilding Communities

10/8/24

Breaking Barriers: Introducing Young Women to Construction

10/7/24

Could Gen Z Be the Next Toolbelt Generation?

10/2/24

Unveiling Los Angeles’ Digital Real Estate Boom

10/1/24

Air Force Innovates Military Housing with First Commercial Apartments in California

9/30/24

The Commercial HVAC Market: Energized by Data Centers and Smart Technologies

9/27/24

DOE’s $90M Initiative to Shape the Future of Building Efficiency

9/25/24

Virginia Tech Pioneers New Construction Safety Leadership Degree

9/23/24

Construction Input Costs Begin to Settle

9/20/24

The Hidden Costs of Rushing Construction

9/18/24

Essential Construction Conferences and Expos to Attend in Late 2024: Your Guide to Industry Growth and Innovation

9/16/24

Manufacturing’s Growth Surge: Key Projects Shaping the U.S. Construction Landscape

9/12/24

Building Momentum Amid Workforce Challenges: A New Landscape for Construction Firms

9/9/24

Meyer Burger Pulls Back on Ambitious U.S. Expansion Plans Amid Market Volatility

8/12/24

Surge in Construction Project Abandonments and Delays

8/5/24

From Sun Belt to Snow Belt?

7/5/24

Major Developments in California's Rail Projects for 2024

7/29/24

The Largest Construction Groundbreakings of Summer 2024

7/22/24

The Impact of Japan's Weakening Yen

8/12/24

The Instability of Construction Job Openings: A Closer Look

U.S. Consumer Prices Hold Steady Spring 2024

6/20/24

U.S. Consumer Prices Hold Steady Spring 2024

The CMAR Delivery Method

6/13/24

The CMAR Delivery Method

Embracing Potable Water Reuse

6/6/24

Embracing Potable Water Reuse

Construction’s Evolving Legal Landscape 

5/30/24

Construction’s Evolving Legal Landscape 

CTA Image

Want the latest information on construction materials?

Subscribe to the Paragon Post

Want the latest information on construction materials?

Subscribe to the Paragon Post

CTA Image

Want the latest information on construction materials?

Subscribe to the Paragon Post