Key Cyber Threats Facing the Construction Industry

In 2018, the use of botnets, a network of computers and Internet of Things (IoT) devices infected with malicious software and controlled as a group, increased 500 percent over 2017. This surge in malicious activity led to a 250 percent increase in overall intrusion attempts experienced by organizations when compared to 2017.

With the exponential growth of cybersecurity threats being a common theme in 2018, 2019 will present significant challenges for organizations looking to stay ahead of threats. For even the best-prepared organizations, the increase in threats will present considerable operational and financial challenges as sophisticated tools make it easier and more economical to execute cyber-attacks.

But what does the growing amount of cyber threats mean for the construction industry? According to eSentire’s 2018 Annual Threat Report, which examines data from more than 500 organizations, the construction industry was the third most impacted industry affected by cyber threats in 2018. In 2017, construction was the second most impacted industry, but this improvement in rank is not because of an industry-wide improvement in its security practices. Instead, cybercriminals broadened their focus to other industries that are far less mature in their security practices, like banking and health care, where regulations require the implementation of better security controls.

Although industries that have long been targets of hackers have hardened their defenses, industries, like construction, education and manufacturing, are now more susceptible than ever to experiencing a breach.

Below are some of the specific issues affecting the construction industry and recommendations on how to better secure their assets.

Email Is Enemy No. 1

Email remains the most common attack vectors for hackers with phishing campaigns being pervasive throughout every industry. The construction industry is likely just as heavily targeted as the financial or legal industries, but any successful attack is caused by a lack of technical controls by the organization and the lack of employee awareness around phishing, as well as a susceptibility to opportunistic attacks.

In 2018, emails that masqueraded as fake DocuSign emails were the most successful type of phishing email attack. With the prevalence of DocuSign in the construction industry, employee education and strong technical controls are important for construction organizations to implement to prevent themselves being compromised.

Malware Continues to Pose Problems

Malware, software that is specifically designed to disrupt, damage or gain unauthorized access to a computer system, usually enters organizations through two sources: email that includes links to a malicious website or a malicious attachment and web-browsing. In 2018, the construction industry proved to be quite susceptible to browser-based social engineering exploits, such as fake Adobe Flash updates, which coax users into installing cryptocurrency miners on their Windows computers.

When best practices for internet browsing and email are in place, many malware infections are easily preventable. For a large labor or guest force, additional mitigations may be necessary at the application and process level, including endpoint monitoring, strict firewall rules, and robust training for knowledge and labor workers.

IoT Devices Bring Increased Risk

In the case of IoT devices, the eSentire Annual Threat Report observed a growing trend in IoT exploits targeting surveillance, door controllers and media devices. These types of devices are commonly found on construction sites, so it is important to ensure the software on these devices is updated regularly to prevent compromise and exploitation.

How to Protect Your Company

To protect your organization from the growing number of threats, construction companies can implement specific measures to prevent their networks from being compromised by common attacks.

For email-based attacks, reducing the attack surface will protect organizations from both phishing and email-born malware. Some measures to consider include:

  • Creating a simplified process for reporting and responding to suspicious emails.
  • Implementing awareness training for employees with ongoing simulated phishing exercises to assess effectiveness.
  • Only allowing email attachments containing trusted file types.
  • Blocking or purchasing domain names similar to your organization to prevent abuse.

When it comes to malware, many infections detected in 2018 used trusted Microsoft Windows processes, like PowerShell, for executing code downloaded from the internet. To prevent these attacks from being executed, construction companies should consider:

  • Blocking Microsoft Office execution from temporary directories, such as Outlook and internet browsers.
  • Blocking macros in Microsoft Office documents that originate from the internet.
  • Setting notepad.exe as the default program for scripting file types (.js, .jse, .ps, .vba, etc.).

Finally, to stay protected from these exploits (be they through webservers, switches, routers or IoT devices) companies should:

  • Work with the IT or security department to implement a regular patching schedule.
  • Consider two-factor authentication for externally facing remote access points.
  • Implement monitoring and detection of asset exposure to external networks.

The Threat Intelligence Team at cyber security company eSentire, combs the industry for the latest techniques, tactics and procedures used by today’s threat actors. For more information, visit eSentire’s website or follow @eSentire on Twitter.

About the Author

Keegan Keplinger
Keegan Keplinger began working in Cambridge, Ontario, Canada-based eSentire’s threat intelligence department as a data and intelligence analyst. Currently, Keplinger is a data visualization lead on the Threat Intelligence Team at eSentire.

Be the first to comment on "Key Cyber Threats Facing the Construction Industry"

Leave a comment

Your email address will not be published.


*


%d bloggers like this: