Accelerated digital transformation and overdependence on third-party vendors have made the construction sector an increasingly attractive target for Chinese, Russian, North Korean, and Iranian state-backed advanced persistent threat operations, reports Cyber Security News.

APTs leveraged phishing emails, stolen Remote Desktop Protocol, Citrix, and Secure Shell credentials, as well as supply chain flaws to infiltrate building and construction networks and facilitate subsequent lateral network movement for the theft of sensitive organizational data, including contracts and personal information, according to an analysis from Rapid7 researchers.

Moreover, RDP, SSH, SMTP, FTP, VPN, and Citrix credentials harnessed by nation-state hackers were obtained from dark web markets, instead of being procured from their own attacks. Additional findings revealed the prolific marketplace for such credentials, with many sellers offering active session or network diagram screenshots to prove access. Threat actors have also been able to verify the marketplaces' reputation via advanced rating systems and escrow services, researchers added.
Construction sector bombarded with APT intrusions




