Impress IT Solutions: Safeguarding Construction Firms from FOUNDATION Software Vulnerabilities

By Impress IT Solutions | September 2024

The construction industry is facing a new wave of cyberattacks targeting a popular software used by many firms: FOUNDATION Accounting Software. Cybercriminals are exploiting default credentials left unchanged by companies, exposing sensitive financial data and operational systems to significant risk. At Impress IT Solutions, we specialize in helping construction firms protect their critical systems and data, ensuring that vulnerabilities like this are patched and secured.

The Risk Facing Construction Companies

According to a recent report from cybersecurity firm Huntress, attackers have been brute-forcing access to FOUNDATION Accounting Software, a tool widely used in the construction industry for managing accounting and financial operations. Threat actors gain access by leveraging default credentials—passwords and usernames that come pre-set with the software but are often not changed after installation.

This vulnerability primarily affects sectors within the construction industry such as plumbing, HVAC, concrete, and other sub-industries that rely on FOUNDATION to manage their accounting needs. While the software’s Microsoft SQL (MS SQL) Server handles the database operations, an open TCP port 4243 allows remote access to the database via mobile applications, leaving it exposed to malicious activity.

How Attackers Exploit FOUNDATION Software

The attackers use brute-force methods to guess the default credentials for two key accounts within the software: the “sa” (system administrator) and the “dba” (database administrator) accounts. If these credentials are not changed, cybercriminals can gain access to the database. Once inside, they exploit the xp_cmdshell feature, which allows them to run arbitrary OS shell commands directly from the SQL database. This grants them virtually unlimited control over the system, enabling them to execute malicious scripts, steal sensitive data, or disrupt business operations.

In a recent example from September 2024, Huntress detected over 35,000 brute-force login attempts on an MS SQL server running FOUNDATION before the attackers successfully breached the system. Out of 500 hosts running the software across their endpoints, 33 were found to have default credentials still in place, leaving them vulnerable to attack.

Protect Your Construction Business with Impress IT Solutions

At Impress IT Solutions, we understand the unique needs and challenges facing the construction industry. Cyberattacks like this one can cause severe disruptions to your business, leading to data breaches, financial loss, and reputational damage. That’s why we offer specialized cybersecurity services to protect your construction firm from the latest threats targeting the industry.

1. Credential Management and Security Best Practices

One of the key reasons FOUNDATION software is vulnerable is the failure to update default credentials. At Impress IT Solutions, we work closely with your team to ensure that all default usernames and passwords are changed immediately upon installation. Additionally, we help implement strong password policies to minimize the risk of brute-force attacks.

2. Database Security and Vulnerability Management

Many construction firms are unaware of the dangers posed by exposed ports like TCP 4243. Our experts provide comprehensive security audits to identify and close any vulnerable ports or services that might be accessible over the internet. By securing your database connections and ensuring that xp_cmdshell is disabled where necessary, we minimize the risk of unauthorized access.

3. Endpoint Protection and Monitoring

Even if attackers attempt to breach your network, our advanced endpoint protection solutions provide real-time monitoring and defense. This ensures that any suspicious activity, such as brute-force attempts or unusual database commands, is detected and blocked before damage can occur.

4. Backup and Disaster Recovery Solutions

No security system is foolproof, so it’s essential to have a disaster recovery plan in place. At Impress IT Solutions, we help construction firms set up regular backups of their critical data and systems, so that in the event of a cyberattack, your business can recover quickly and minimize downtime.

Real-World Impact: Protecting a Construction Company from Database Breaches

Recently, we worked with a large construction firm that was using FOUNDATION software to manage their accounting. After learning about the growing cyber threat targeting this software, they contacted Impress IT Solutions to assess their security posture.

We immediately identified several vulnerabilities, including unchanged default credentials and an exposed TCP 4243 port. Our team implemented robust security measures, including updating credentials, closing the vulnerable port, and securing their MS SQL server. Additionally, we set up 24/7 monitoring to detect any future threats. As a result, the company has been able to continue its operations without fear of a data breach or cyberattack.

Why Choose Impress IT Solutions for Your Construction Firm’s Cybersecurity?

At Impress IT Solutions, we’re not just an IT provider—we’re your partner in security. We know that construction firms have specific needs when it comes to accounting software and cybersecurity. With our expertise, we can help you safeguard your systems from both emerging and long-standing threats, allowing you to focus on what you do best: building the future.

Here’s why construction firms trust us:

  • Industry-Specific Solutions: We understand the unique cybersecurity needs of the construction industry.
  • Proactive Defense: We don’t just react to threats; we help you stay ahead of them.
  • Comprehensive Protection: From credential management to endpoint monitoring, we offer complete cybersecurity solutions.
  • Experienced Team: Our team of cybersecurity experts has a proven track record of securing businesses from all sectors.

Protect Your Business Today

Don’t wait for a cyberattack to disrupt your business. Contact Impress IT Solutions today to learn how we can help protect your construction firm from vulnerabilities in FOUNDATION software and other potential threats. Let’s work together to secure your data, maintain your operations, and keep your projects on track.


Impress IT Solutions – Building a Secure Future for Construction Firms

 

Managed IT Services For Houston Construction Companies

Experience how great local IT Support can be for your Construction Company. To get started, we recommend taking advantage of a quick 10-minute consultation