flexiblefullpage -
billboard - default
interstitial1 - interstitial
Currently Reading

Construction continues to be vulnerable to cyberattacks

Building Technology

Construction continues to be vulnerable to cyberattacks

The latest report from eSentire finds a total of 4 million “hostile events” against all sectors during the spring months.

By John Caulfield, Senior Editor | October 15, 2018

eSentire sent out 57,000 alerts about potential threats in the second quarter of 2018, and Construction was among the top five industries to receive them. Image: eSentire

Construction was among the top five business sectors targeted by cyberattacks in the second quarter of 2018, according to the latest “threat report” released earlier this month by eSentire, the largest pure-play managed detection and response service provider.

Based on intelligence gathered from more than 2,000 proprietary network and host-based detection sensors distributed globally in multiple industries, eSentire estimates that the number of attacks on Microsoft Internet Information Services (IIS) jumped to 1.7 million in the second quarter, from 2,000 in the first quarter. Most sources targeting IIS web servers originated from China-based IP addresses: according to Shodan, the global search engine for Internet-connected devices, there are 3.5 million IIS web servers exposed (with 1 million in China). The compromised servers largely originated from the Tencent and Alibaba sites.

eSentire observed IIS and WebLogic attacks originating from servers hosting Apache, RDP, SQL, IIS, and HTTP API services. Most of the records included known potential vulnerabilities based on server software version. Vulnerability records for attacking servers showed a steady increase. The majority of this growth appeared to come from Apache HTTP Servers, version 2.4.23. In the same period, records reporting vulnerabilities in IIS 7.5 and HTTP Server 2.4.10 appeared to diminish.

Four million potentially hostile events resulted in 57,000 alerts having been sent from eSentire’s SOC (Security Operations Center) between April 1 and June 30, 2018. Normalizing by sensor count, the top five affected industries were Biotechnology, Accounting Services, Real Estate, Marketing, and Construction. Regardless of industry, most attackers are probably looking to drive ad revenue or adopt compromised servers into their attack infrastructure, the report suggests.

The reason attacks continue, posits the report, is because most organizations have internal systems they hesitate to update for fear it will change or break something. These systems are sometimes accidentally exposed to background internet radiation which includes a firehose of exploits. Or, they are unaware that a patch is necessary or underestimate the gravity of failing to patch. This is an easily rectifiable problem that nevertheless lingers for many businesses.

There also was an increase, in general, in phishing attacks that used shipping invoice lures, despite an overall decline in the use of DocuSign—which facilities the exchanges of contracts and signed documents—as lures. Construction, Education, and Marketing experienced the largest amount of confirmed phishing attacks, with DocuSign dominating the lures observed; likely, these industries make frequent use of DocuSign in handling digital invoices and quotes due to remotely based business relationships and employees.

Construction was vulnerable to phishing attacks that used DocuSign as their primary lure. Image: eSentire


Real Estate experienced high volumes of D-Link home router exploit attempts. Marketing was subjected to a high volume of D-Link exploit attempts and a sizable degree of malicious PowerShell activity. And Construction experienced a large amount of Drupalgeddon2 attacks (the name given to an extremely critical vulnerability Drupal maintainers patched in late March).  

PowerShell is a task-based command-line shell and scripting language built on .NET. PowerShell helps system administrators, and power-users can rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes. PowerShell commands let you manage computers from the command line.

In Q2 2018, the eSentire detection surface revealed that an obfuscated PowerShell realized an increase of 50% in commands, partly due to Emotet, a sophisticated malware.

Emotet, a four-year-old banking trojan, continues to evolve and emerge; antivirus solutions detected it, on average, only 22% of the time in the quarter. Emotet remains a popular choice for threat actors and was the most frequently observed malware due to numerous version updates and feature additions since it was first reported in 2014. Obfuscated malicious PowerShell commands increased 50% in Q2 2018.

Nearly half (49%) of Emotet samples included “invoice,” “payment,” or “account” in their file names. For Emotet’s competitor, Hancitor, fax documents were a popular lure (25%).

To protect against Emotet and to mitigate worming capabilities, Server Message Block Protocol (SMB) communications between systems in a network should be restricted via group policy settings or in the configuration of host-based Intrusion Prevention Systems (HIPS).

Malware, which is intended to damage or disable computers and systems, breaks down into four threat levels: malicious, suspicious, benign, and ambiguous (like false positives). Construction ranked fourth—behind Healthcare, Real Estate, and Marketing—for malware events (20 per sensor), and ranked second (after Accounting Services) for reputational blocks (about 5.25 alerts per sensor), which occur when known bad Internet Protocols (IPs) are detected trying to establish connections with monitored clients. Accounting Services and Construction are known to have large threat surfaces.

Some IPs only attempted an IIS or WebLogic exploit, while other IPs attempted both. The IPs attempting IIS and WebLogic persisted throughout the quarter, said eSentire, but those tended to rise with the emergence of other potential campaigns, indicating some threat actors may have an array of botnets in different configurations.

Related Stories

Building Technology | Jun 9, 2022

GSA Green Proving Ground program selects six innovative building technologies for evaluation

The U.S. General Services Administration’s (GSA) Green Proving Ground program, in collaboration with the U.S. Department of Energy, has selected six innovative building technologies for evaluation in GSA’s inventory.

Smart Buildings | Jun 1, 2022

Taking full advantage of smart building technology

Drew Deatherage of Crux Solutions discusses where owners and AEC firms could do better at optimizing smart technology in building design and operations.

Sponsored | BD+C University Course | May 10, 2022

Design guide for parapets: Safety, continuity, and the building code

This course covers design considerations for parapets. The modern parapet must provide fire protection, serve as a fall-protective guard, transition and protect the roof/facade interface, conceal rooftop equipment, and contribute to the aesthetic character of the building. 

Sponsored | BD+C University Course | May 10, 2022

Designing smarter places of learning

This course explains the how structural steel building systems are suited to construction of education facilities.

Sponsored | BD+C University Course | May 2, 2022

12 factors to consider in evaluating tankless water heaters for multifamily housing projects

The pace of tankless water heater adoption in the overall residential market could portend greater acceptance in the broader multifamily market. Despite these positive signs, many developers hold fast to the notion that tankless units can’t produce enough hot water to meet the needs of hundreds of apartment or condo dwellers. Here are 12 factors to consider in evaluating tankless water heaters for your next multifamily housing project.

Concrete Technology | Apr 19, 2022

SGH’s Applied Science & Research Center achieves ISO 17025 accreditation for concrete testing procedures

Simpson Gumpertz & Heger’s (SGH) Applied Science & Research Center recently received ISO/IEC17025 accreditation from the American Association for Laboratory Accreditation (A2LA) for several concrete testing methods.

Sponsored | BD+C University Course | Apr 19, 2022

Multi-story building systems and selection criteria

This course outlines the attributes, functions, benefits, limits, and acoustic qualities of composite deck slabs. It reviews the three primary types of composite systems that represent the full range of long-span composite floor systems and examines the criteria for their selection, design, and engineering.

Wood | Apr 13, 2022

Mass timber: Multifamily’s next big building system

Mass timber construction experts offer advice on how to use prefabricated wood systems to help you reach for the heights with your next apartment or condominium project. 

AEC Tech | Apr 13, 2022

Morphosis designs EV charging station for automaker Genesis

LA-based design and architecture firm Morphosis has partnered with automotive luxury brand Genesis to bring their signature brand and styling, attention-to-detail, and seamless customer experience to the design of Electric Vehicle Charging (EVC) Stations.

AEC Tech | Apr 13, 2022

A robot automates elevator installation

  Schindler—which manufactures and installs elevators, escalators, and moving walkways—has created a robot called R.I.S.E. (robotic installation system for elevators) to help install lifts in high-rise buildings.

boombox1 - default
boombox2 -
native1 -

More In Category

halfpage1 -

Most Popular Content

  1. 2021 Giants 400 Report
  2. Top 150 Architecture Firms for 2019
  3. 13 projects that represent the future of affordable housing
  4. Sagrada Familia completion date pushed back due to coronavirus
  5. Top 160 Architecture Firms 2021


Magazine Subscription

Get our Newsletters

Each day, our editors assemble the latest breaking industry news, hottest trends, and most relevant research, delivered to your inbox.


Follow BD+C: