Posted by Tyler Chancey GCFA on Tue, Aug 6, 2019 @ 11:37am

Someone needs to tell cyber-criminals to take notes from old-west bank robbers. Who doesn’t love gunslingers loudly dueling it out with cowboys after busting into a bank vault with dynamite? The getaway while under fire was always the best scene in old Spaghetti Westerns. Unfortunately, modern-day cybercriminals decided to take a much stealthier approach to their craft. There are very few explosions in the security realm, but that doesn’t make the threat any less real.

Cybercrime does not follow a common standard, but trends within industries do exist. Industry-specific attacks are common, and adversaries will change their tactics based on the company they are targeting. One of the most significant factors in determining what to defend within a company is to determine the valuables. Old-west bank robbers knew to go for the vault within the bank because that’s where the money was located. Cybercriminals have the same approach when they are financially motivated.

Many times, the criminals are more aware of what is valuable than the business owners are!  Construction has become a popular target for cybercrime because they deal with massive projects and many subcontractors. This confusion of cooperation can leave chances for criminals to steal information, money, or even business. In order to keep a construction company secure, we need to first determine the valuables and then make firm decisions on how to defend these assets.

Cybercrime Motivation – Construction

Your business has something of value to an attacker. Construction is a target-rich environment that generally has severely lacking security compared to other industries with similar revenue. Criminals have an uncanny ability to sniff out valuables that even you may not know about.

  • Finances
    Far and away the most popular motivation for cybercrime, construction companies move a lot of money around. By infiltrating a system and manipulating where that money goes, attackers can steal millions simply by changing a few numbers in a wire-transfer transaction. This allows the attackers to get a full wire-transfer for a contract with very little work from their end.
     
  • Customer Data
    Most businesses have customers, but few have customers with pockets as deep as those involved in construction. Government, healthcare, and major corporations all require someone to build their facilities and infrastructure. Construction companies deal with many high-value targets, and data is worth a fortune for attackers. This can cost construction companies big, with fines for mishandling of data becoming more prevalent.
     
  • Systems
    Computer and networking systems have intrinsic value simply by existing. When you invest in a machine, you are paying for the performance you will get out of that device. No one is happy when they get 50% of what they paid for, but attackers are doing this very thing with machines in the construction industry. Endpoints are infected with malware that siphons resources for their own use. This free processing power allows them to launch attacks from your network. They can even use your machines and electricity to generate income via “coin-miners.” While this may seem minor, this passive loss of performance can profoundly harm the bottom-line and end up costing you even more in IT.
     
  • Espionage
    Corporate espionage is not as cool as the name would imply. Discovering plans, customer data, pricing, and employee information can give a huge leg-up on the competition. While illegal, there is great incentive to find “classified” info on your competitors. This can be especially prevalent in construction companies involved in international markets.

Biggest Threats and Attacks Against the Construction Industry

The construction industry is not unique – it is just as vulnerable to an attack as any other business. Awareness is a key factor in fighting back. This list will cover some of the more common attacks faced by construction companies of all sizes. It is by no means comprehensive, but it will allow you to gauge what is being experienced by the industry as a whole:

  • Ransomware
    This one is a big factor in many company’s IT plans. Ransomware can bring your company to a grinding halt by locking all systems until a ransom is paid. Construction is a popular target for ransomware because there are generally unpatched legacy machines in the environment that are extra vulnerable to attack. This is easily one of the most threatening types of malware in terms of sheer downtime and resource usage.
     
  • Wire Fraud/Wire Transfer Manipulation
    This is another well-known threat within the security industry. Wiring instructions are one of the most important documents within a company. There are quite a few varieties to this attack, but a popular way to go about it for attackers is to change your instructions on outbound emails. Attackers can breach the network and change the instructions for wiring to your business for customers. This attack is usually a double whammy: your customer will lose their money, and you won’t get paid (but the attackers will).  These tend to be some of the costliest cyberattacks in the industry in terms of reputation and satisfaction.
     
  • Phishing
    Phishing is more of a means rather than an end, but it is still a massive threat to many construction firms. Your security stack is only as good as your users, and most companies face double-digit rates of failure on phishing trials. When a user clicks on malicious links within an email, any number of scenarios can occur. Phishing can lead to data loss, financial theft, hijacked machines, and even executive blackmail. One of the most common targets for phishers is anyone at the executive level. These accounts generally have the most power and are prime targets for malicious thieves.
     
  • Insider Threats
    People are generally vetted extensively before being hired. This process usually gets you good employees who are loyal to your company. However, a massive threat to any business is the possibility of an insider threat. One very unfortunate reality is that many IT personnel will hold their company “hostage” by being the sole point of expertise on all critical systems. If these employees are let go or become disgruntled, they can steal all sorts of important data and even bring the network down permanently.

Closing Thoughts

Obviously, there are more than a few attacks that are targeting the construction industry. There are far too many threats on the internet to even begin to account for all scenarios in a single post. The purpose of this post was to create a general awareness around what presents the greatest threat to your business.

Awareness is one of the most important factors when attempting to stay secure. It is critical to invest in security nowadays. Maintaining a solid security posture reinforced by user training and audits is the only way a targeted business will have any chance of surviving an attack. Be sure to stay up to date on the newest security trends, and stay safe out there! When in doubt, hire a third-party construction IT services professional.

Share This

Related Posts

12/18/2017
Disaster Recovery Testing is the process of going through each and every essential piece of a business or organization’s disaster recovery plan. The goal is to ensure that the existing is thorough enough to ensure that the business can recover in…
02/11/2019
There are many reasons your company should implement an IT governance framework.
05/15/2018
Whether you consider yourself a technology-based business or not, data has likely been on your mind. Keeping our data safe and secure is essential to maintaining a trusted business, but there is so much more to your records than you might realize.