ventilation, and air conditioning), and general construction firms.<\/p>\n
Last week, cybersecurity research company Huntress reported a marked increase in attempts to infiltrate FOUNDATION accounting software.<\/p>\n
The cybercriminals’ modus operandi is unsophisticated yet highly effective: using the software’s default credentials to gain unauthorized access to the systems.<\/p>\n
The threat actors appear to be targeting companies working within the construction industry, with specific interest in plumbing, HVAC, and general construction companies.<\/p>\n
FOUNDATION, a popular accounting software widely used within the construction industry to control job expenses and manage project costs, comes with default credentials for ease of setup.<\/p>\n
Leaving these default credentials unchanged, however, leaves the door wide open for cybercriminals.<\/p>\n
As the researchers at Huntress<\/a> point out, threat actors can easily find lists of default credentials on the Internet or in the software’s user manuals.<\/p>\n Armed with this information, attackers can then proceed to use brute force mechanisms to gain unauthorized access.<\/p>\n The damaging potential of such attacks is enormous.<\/p>\n For example, in 2017, a major breach of hospitality software firm Avanti Markets resulted in the compromise of personal data, including biometric information, of millions of customers.<\/p>\n The data breach occurred when hackers exploited the software’s Default User credentials, highlighting the peril of unchanged default access information.<\/p>\n Companies using FOUNDATION, or indeed any other software, are urged to take the following crucial steps to ensure the security of their data and systems:<\/p>\n Cyber threats are now an ever-present reality for businesses across all sectors.<\/p>\n There has never been a more crucial time to ensure that you are doing everything in your power to secure your systems, including simple steps like changing the default credentials on your software.<\/p>\n ventilation, and air conditioning), and general construction firms. Hackers Exploit Default Credentials in FOUNDATION Software<\/p>\n","protected":false},"author":1,"featured_media":1907,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,5],"tags":[],"class_list":["post-1906","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-news","pmpro-has-access"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts\/1906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/comments?post=1906"}],"version-history":[{"count":1,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts\/1906\/revisions"}],"predecessor-version":[{"id":1913,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts\/1906\/revisions\/1913"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/media\/1907"}],"wp:attachment":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/media?parent=1906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/categories?post=1906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/tags?post=1906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Real-world Examples and Impact<\/h2>\n
Fight Back: Practical Advice on Safeguarding Your Systems<\/h2>\n
\n
Follow-Up Reading<\/h2>\n
\n