Construction firms hit by massive summer surge in cyber-attacks

Malicious attacks on company systems running Microsoft’s Internet Information Services (IIS) rose from 2,000 in the first quarter of 2018 to 1.7 million in the second, with the construction industry one of the five sectors most targeted, a report claims.

The analysis from eSentire, a cybersecurity consultant based in Cambridge, Ontario, looked at attacks on servers running IIS, as well as Oracle WebLogic and the Drupal open-source platform. It found that the attacks mostly originated from servers with Chinese IP addresses.

Sectors most affected were construction, accounting, biotechnology, marketing and real estate, which eSentire said was caused by the prevalence of vulnerable, outdated IT systems.

Hackers gained control of systems to create mayhem by accessing confidential information, unleashing ransomware, or planting "cryptominers" on servers to force them to use their CPUs to create digital currency.

A common attack uses the Emotet trojan to obtain enough financial information to access a company’s bank account.

The programs are often found in malicious documents or URL links inside the body of an email, sometimes disguised as an invoice or PDF attachment. About half of Emotet attacks used files with "invoice", "payment", or "account" in their name.

Construction was the least likely sector to be attacked out of the five, but it was the principal target for phishing attacks, often based on the DocuSign app for handling digital invoices, as well as fake Office 365 and Dropbox files.

The severity of this kind of "credential theft" depends on what service the username and password were being used to log onto. The theft of DocuSign or Dropbox credentials being particularly dangerous, especially if the same credentials are used to access more than one service.  

The report comments that companies can take simple steps to reduce their exposure to cyber-attacks.

It says: "The reason attacks continue is because most organisations have internal systems they hesitate to update for fear it will change or break something.

"These systems are sometimes accidentally exposed to background internet radiation which includes a firehose of exploits. Or, they are unaware that a patch is necessary or underestimate the gravity of failing to patch.

"This is an easily rectifiable problem that lingers for many."

  • The report can be downloaded here.

Image: The notorious Wannacry ransomware attack loaded this screen to victims’ computers

Further reading:

Story for GCR? Get in touch via email: [email protected]

Latest articles in Trends