Contractor Software Targeted via Microsoft SQL Server Loophole

Published: 23/11/2024   Category: security




By accessing MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks.



Threat actors have been targeting Foundation accounting software, which is commonly used by general contractors in the construction industry, leveraging active exploits within the plumbing, HVAC, and concrete sub-industries, among others.
Researchers at Huntress initially discovered the threat when tracking activity on Sept. 14. "What tipped us off was host/domain enumeration commands spawning from a parent process of sqlservr.exe," the researchers wrote in their advisory.
The software that the application uses includes a Microsoft SQL Server (MSSQL) instance for handling its database operations. According to the researchers, while it's common to keep database servers on an internal network or behind a firewall, Foundation software contains features that allow access through a mobile app. Because of this, TCP port 4243 may be exposed publicly for use by the mobile app. This port offers direct access to MSSQL.
In tandem, Microsoft SQL Server has a default system admin account, known as "sa," which has full administrative privileges over the entire server. With such high privileges, these accounts can enable users to run shell commands and scripts.
The threat actors targeting the application have been observed brute-forcing the application at scale as well as using default credentials to gain access to victim accounts. In addition, threat actors appear to be using scripts to automate their attacks.
It's recommended that organizations rotate the credentials associated with Foundation software and keep installations disconnected from the Internet to prevent falling victim to these attacks.
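The signal Huntress describes, enumeration commands spawning from a parent process of sqlservr.exe, can be hunted for in process-creation telemetry. The following is an added example, not code from Huntress or the article: the tool list, the sample events and the `Host` field are constructed assumptions, and the other field names follow Sysmon Event ID 1.

```python
import ntpath

# Assumption: built-in Windows utilities commonly used for host/domain
# enumeration. The article does not name the exact commands observed.
ENUM_TOOLS = {"whoami", "ipconfig", "net", "net1", "nltest",
              "systeminfo", "hostname", "tasklist", "quser"}
SHELLS = {"cmd", "powershell", "pwsh"}

def _name(path):
    """Lower-cased file name without directory or .exe suffix."""
    base = ntpath.basename(path.strip('"')).lower()
    return base[:-4] if base.endswith(".exe") else base

def classify(event):
    """Return a finding for one process-creation event, or None."""
    if _name(event["ParentImage"]) != "sqlservr":
        return None
    child = _name(event["Image"])
    if child in ENUM_TOOLS:
        return "enumeration tool spawned by sqlservr.exe"
    if child in SHELLS:
        # OS commands issued through SQL Server are usually wrapped in a
        # shell, so look inside the command line for the tool names too.
        words = {_name(w) for w in event["CommandLine"].replace('"', " ").split()}
        if words & ENUM_TOOLS:
            return "shell under sqlservr.exe running an enumeration command"
        return "shell spawned by sqlservr.exe"
    return None

def scan(events):
    """Return (host, command line, finding) for every suspicious event."""
    return [(ev["Host"], ev["CommandLine"], f)
            for ev in events if (f := classify(ev))]

# Constructed sample events; paths and hosts are illustrative only.
SQL = r"C:\MSSQL\Binn\sqlservr.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    {"Host": "acct-01", "ParentImage": SQL, "Image": CMD,
     "CommandLine": "cmd.exe /c ipconfig /all"},
    {"Host": "desk-07", "ParentImage": r"C:\Windows\explorer.exe", "Image": CMD,
     "CommandLine": "cmd.exe /c ipconfig"},
    {"Host": "acct-01", "ParentImage": SQL,
     "Image": r"C:\Windows\System32\nltest.exe",
     "CommandLine": "nltest /domain_trusts"},
    {"Host": "acct-02", "ParentImage": SQL, "Image": CMD,
     "CommandLine": r'cmd.exe /c dir "D:\Backups"'},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Any shell under sqlservr.exe is worth reviewing on a host that runs Foundation, so the third finding type is reported even when no enumeration tool appears in the command line.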
