flexiblefullpage
billboard
interstitial1
catfish1
Currently Reading

Construction continues to be vulnerable to cyberattacks

Building Technology

Construction continues to be vulnerable to cyberattacks

The latest report from eSentire finds a total of 4 million “hostile events” against all sectors during the spring months.


By John Caulfield, Senior Editor | October 15, 2018

eSentire sent out 57,000 alerts about potential threats in the second quarter of 2018, and Construction was among the top five industries to receive them. Image: eSentire

Construction was among the top five business sectors targeted by cyberattacks in the second quarter of 2018, according to the latest “threat report” released earlier this month by eSentire, the largest pure-play managed detection and response service provider.

Based on intelligence gathered from more than 2,000 proprietary network and host-based detection sensors distributed globally in multiple industries, eSentire estimates that the number of attacks on Microsoft Internet Information Services (IIS) jumped to 1.7 million in the second quarter, from 2,000 in the first quarter. Most sources targeting IIS web servers originated from China-based IP addresses: according to Shodan, the global search engine for Internet-connected devices, there are 3.5 million IIS web servers exposed (with 1 million in China). The compromised servers largely originated from the Tencent and Alibaba sites.

eSentire observed IIS and WebLogic attacks originating from servers hosting Apache, RDP, SQL, IIS, and HTTP API services. Most of the records included known potential vulnerabilities based on server software version. Vulnerability records for attacking servers showed a steady increase. The majority of this growth appeared to come from Apache HTTP Servers, version 2.4.23. In the same period, records reporting vulnerabilities in IIS 7.5 and HTTP Server 2.4.10 appeared to diminish.

Four million potentially hostile events resulted in 57,000 alerts having been sent from eSentire’s SOC (Security Operations Center) between April 1 and June 30, 2018. Normalizing by sensor count, the top five affected industries were Biotechnology, Accounting Services, Real Estate, Marketing, and Construction. Regardless of industry, most attackers are probably looking to drive ad revenue or adopt compromised servers into their attack infrastructure, the report suggests.

The reason attacks continue, posits the report, is because most organizations have internal systems they hesitate to update for fear it will change or break something. These systems are sometimes accidentally exposed to background internet radiation which includes a firehose of exploits. Or, they are unaware that a patch is necessary or underestimate the gravity of failing to patch. This is an easily rectifiable problem that nevertheless lingers for many businesses.

There also was an increase, in general, in phishing attacks that used shipping invoice lures, despite an overall decline in the use of DocuSign—which facilities the exchanges of contracts and signed documents—as lures. Construction, Education, and Marketing experienced the largest amount of confirmed phishing attacks, with DocuSign dominating the lures observed; likely, these industries make frequent use of DocuSign in handling digital invoices and quotes due to remotely based business relationships and employees.

Construction was vulnerable to phishing attacks that used DocuSign as their primary lure. Image: eSentire

 

Real Estate experienced high volumes of D-Link home router exploit attempts. Marketing was subjected to a high volume of D-Link exploit attempts and a sizable degree of malicious PowerShell activity. And Construction experienced a large amount of Drupalgeddon2 attacks (the name given to an extremely critical vulnerability Drupal maintainers patched in late March).  

PowerShell is a task-based command-line shell and scripting language built on .NET. PowerShell helps system administrators, and power-users can rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes. PowerShell commands let you manage computers from the command line.

In Q2 2018, the eSentire detection surface revealed that an obfuscated PowerShell realized an increase of 50% in commands, partly due to Emotet, a sophisticated malware.

Emotet, a four-year-old banking trojan, continues to evolve and emerge; antivirus solutions detected it, on average, only 22% of the time in the quarter. Emotet remains a popular choice for threat actors and was the most frequently observed malware due to numerous version updates and feature additions since it was first reported in 2014. Obfuscated malicious PowerShell commands increased 50% in Q2 2018.

Nearly half (49%) of Emotet samples included “invoice,” “payment,” or “account” in their file names. For Emotet’s competitor, Hancitor, fax documents were a popular lure (25%).

To protect against Emotet and to mitigate worming capabilities, Server Message Block Protocol (SMB) communications between systems in a network should be restricted via group policy settings or in the configuration of host-based Intrusion Prevention Systems (HIPS).

Malware, which is intended to damage or disable computers and systems, breaks down into four threat levels: malicious, suspicious, benign, and ambiguous (like false positives). Construction ranked fourth—behind Healthcare, Real Estate, and Marketing—for malware events (20 per sensor), and ranked second (after Accounting Services) for reputational blocks (about 5.25 alerts per sensor), which occur when known bad Internet Protocols (IPs) are detected trying to establish connections with monitored clients. Accounting Services and Construction are known to have large threat surfaces.

Some IPs only attempted an IIS or WebLogic exploit, while other IPs attempted both. The IPs attempting IIS and WebLogic persisted throughout the quarter, said eSentire, but those tended to rise with the emergence of other potential campaigns, indicating some threat actors may have an array of botnets in different configurations.

Related Stories

| Aug 11, 2010

8 Things You Should Know About Designing a Roof

Roofing industry expert Joseph Schwetz maintains that there is an important difference between what building codes require and what the construction insurance industry—notably mutual insurance firm Factory Mutual—demands—and that this difference can lead to problems in designing a roof.

| Aug 11, 2010

America's Greenest Hospital

Hospitals are energy gluttons. With 24/7/365 operating schedules and stringent requirements for air quality in ORs and other clinical areas, an acute-care hospital will gobble up about twice the energy per square foot of, say, a commercial office building. It is an achievement worth noting, therefore, when a major hospital achieves LEED Platinum status, especially when that hospital attains 14 ...

| Aug 11, 2010

Concrete Solutions

About five or six years ago, officials at the University of California at Berkeley came to the conclusion that they needed to build a proper home for the university's collection of 900,000 rare Chinese, Japanese, and Korean books and materials. East Asian studies is an important curriculum at Berkeley, with more than 70 scholars teaching some 200 courses devoted to the topic, and Berkeley's pro...

| Aug 11, 2010

Piano's 'Flying Carpet'

Italian architect Renzo Piano refers to his $294 million, 264,000-sf Modern Wing of the Art Institute of Chicago as a “temple of light.” That's all well and good, but how did Piano and the engineers from London-based Arup create an almost entirely naturally lit interior while still protecting the priceless works of art in the Institute's third-floor galleries from dangerous ultravio...

| Aug 11, 2010

Bronze Award: John G. Shedd Aquarium, Chicago, Ill.

To complete the $55 million renovation of the historic John G. Shedd Aquarium in the allotted 17-month schedule, the Building Team had to move fast to renovate and update exhibit and back-of-house maintenance spaces, expand the visitor group holding area, upgrade the mechanical systems, and construct a single-story steel structure on top of the existing oceanarium to accommodate staff office sp...

| Aug 11, 2010

AIA Course: Building with concrete – Design and construction techniques

Concrete maintains a special reputation for strength, durability, flexibility, and sustainability. These associations and a host of other factors have made it one of the most widely used building materials globally in just one century. Take this free AIA/CES course from Building Design+Construction and earn 1.0 AIA learning unit.

| Aug 11, 2010

Great Solutions: Green Building

27. Next-Generation Green Roofs Sprout up in New York New York is not particularly known for its green roofs, but two recent projects may put the Big Apple on the map. In spring 2010, the Lincoln Center for the Performing Arts will debut one of the nation's first fully walkable green roofs. Located across from the Juilliard School in Lincoln Center's North Plaza, Illumination Lawn will consist ...

| Aug 11, 2010

Pioneer Courthouse: Shaking up the court

In the days when three-quarters of America was a wild, lawless no-man's land, Pioneer Courthouse in Portland, Ore., stood out as a symbol of justice and national unity. The oldest surviving federal structure in the Pacific Northwest and the second-oldest courthouse west of the Mississippi, Pioneer Courthouse was designed in 1875 by Alfred Mullett, the Supervising Architect of the Treasury.

| Aug 11, 2010

Gold Award: Eisenhower Theater, Washington, D.C.

The Eisenhower Theater in the John F. Kennedy Center for the Performing Arts in Washington, D.C., opened in 1971. By the turn of the century, after three-plus decades of heavy use, the 1,142-seat box-within-a-box playhouse on the Potomac was starting to show its age. Poor lighting and tired, worn finishes created a gloomy atmosphere.

| Aug 11, 2010

Great Solutions: Business Management

22. Commercial Properties Repositioned for University USE Tocci Building Companies is finding success in repositioning commercial properties for university use, and it expects the trend to continue. The firm's Capital Cove project in Providence, R.I., for instance, was originally designed by Elkus Manfredi (with design continued by HDS Architects) to be a mixed-use complex with private, market-...

boombox1
boombox2
native1

More In Category



Engineers

Navigating battery energy storage augmentation

By implementing an augmentation plan upfront, owners can minimize potential delays and unforeseen costs when augmentation needs to occur, according to Burns & McDonnell energy storage technology manager Joshua Crawford.


3D Printing

3D-printed construction milestones take shape in Tennessee and Texas

Two notable 3D-printed projects mark milestones in the new construction technique of “printing” structures with specialized concrete. In Athens, Tennessee, Walmart hired Alquist 3D to build a 20-foot-high store expansion, one of the largest freestanding 3D-printed commercial concrete structures in the U.S. In Marfa, Texas, the world’s first 3D-printed hotel is under construction at an existing hotel and campground site.

halfpage1

Most Popular Content

  1. 2021 Giants 400 Report
  2. Top 150 Architecture Firms for 2019
  3. 13 projects that represent the future of affordable housing
  4. Sagrada Familia completion date pushed back due to coronavirus
  5. Top 160 Architecture Firms 2021