Cybersecurity

Construction companies attract new set of malicious hackers

The industry has a lot of vendors and invoices—and threat actors are taking notice.
article cover

Richard Clark/Getty Images

· 3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

A May 2024 report from risk-advisory firm Kroll found that malicious hackers are increasingly putting on their hard hats and going after construction companies.

Kroll found an increase in construction-company incident responses—from 3% to 6%—YOY in Q1 2024. To one Kroll pro, the growth reveals an industry with enticing weak spots and attractive windfalls for malicious hackers.

The most common tactic, according to Kroll’s associate managing director, Laurie Iacono: business email compromise, or attackers sending fraudulent invoices both to and from construction firms.

“This is an industry that has a lot of vendors,” Iacono told IT Brew. “They’re issuing a lot of invoices, and they’re receiving a lot of invoices for all the products and supplies that they have.”

The industry involves frequent onsite digital sign-ins via mobile devices, Kroll’s Q1 report read, and on-the-road employees may be less aware of fraudulent email characteristics.

Kroll’s Q1 2024 Cyber Threat Landscape report revealed other more highly targeted first-quarter sectors: professional services accounted for 24% of incident-response cases, followed by manufacturing (13%), financial services (9%), and healthcare (8%).

Like manufacturing, construction projects have high stakes to meet production and design expectations—a pressure that ransomware actors can abuse.

“In the summer, it’s very important in some climates to keep a project going. So if ransomware actors would get into a system like that and tie up their network, where they had to stop critical operations, that could be a scenario where an entity would be more likely to pay,” Iacono said.

In Q1 2024, Check Point Software Technologies researchers also saw a spike in attacks against manufacturing environments—revealing that the global manufacturing sector accounted for 29% of published ransomware attacks in Q1, nearly doubling year over year.

“What the hackers are finding is that large enterprises, for the most part, have their security pretty well buttoned up. We’re seeing smaller healthcare companies and smaller universities attacked, as well as the smaller companies that are typically in construction,” Pete Nicoletti, global CISO, Americas at Check Point Software Technologies, told IT Brew.

At-Bay’s 2024 InsurSec Report found that 63% of 2023 ransomware events targeted self-managed virtual private networks (VPNs). Members of a construction team may not be using a corporate device, Iacono said, and may have log in to a network remotely.

As ransomware actors pounce on remote connections and vulnerable network devices, Iacono recommended that IT pros at construction companies enforce multifactor authentication on external logins, as well as patch-management prioritization—best practices that manufacturing firms have been learning as they face increasing cyberattacks.

“Those firms may be trying to get more controls in place,” Iacono said. “So then actors think ‘Well, what’s a similar sector that would have the same issues?’”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.