
False Contractors and Security Gaps in the Construction Industry

by Eleanor Barlow • Dec 2023

Construction projects are intricate, involving numerous stakeholders, contractors, subcontractors, architects, and engineers. Each party typically uses its own digital tools and platforms, creating a vast, highly distributed network of interconnected systems. Whether on site or in the cloud, the complex, large-scale nature of construction projects and the vast amounts of sensitive information stored digitally make them an attractive target for bad actors.

According to Threat Intelligence data from DigitalShadows, over 157 construction organisations were successfully targeted between 16th August and 16th November 2023. When compared with May 16th, 2023 – August 15th, 2023, this number has increased by 36% from 117. And when compared with last year (August 16th, 2022 – November 16th, 2022), this number has risen by 75%.

Outdated Digital Security Measures 

Adopting new technology in the construction industry can take time, which can result in outdated and vulnerable systems. Many construction firms have traditionally focused more on physical security measures, such as fences and security guards, than on digital security measures. For older businesses that are accustomed to running a certain way, it can be particularly hard to change tactics. Unfortunately, because of uncertainty or unwillingness to change, many organisations are forced to adapt only after a breach happens, and at a cost.

Not only are security measures outdated, but the same issues arise across the globe. The 10 most targeted locations in the construction industry, according to Threat Intelligence data generated over the last 90 days alone, are listed below.

Country | Successfully Targeted Organisations
United States | 83
Germany | 7
Canada | 6
Australia | 5
United Kingdom | 5
United Arab Emirates | 3
Taiwan | 3
Bulgaria | 2
France | 2
Belgium | 2

Data Source: DigitalShadows

Ransomware, phishing, and social engineering are three of the most prominent attack methods in the industry.

Ransomware & Phishing Attacks

The high costs involved in construction projects mean that ransomware is the end goal for the majority of attacks.

An example can be seen when French construction behemoth Bouygues announced that threat actors held 200GB of their data to ransom and demanded $10 million. As a result, Bouygues had to shut down various operating systems to prevent the propagation of the attack. The ransomware event caused delays to various projects, highlighting the significant impact cybersecurity breaches can have on construction projects.

Phishing is often the initial step in a ransomware attack: cybercriminals use fake emails and messages, posing as legitimate communications, to trick employees into disclosing sensitive information, downloading malware, or scanning a malicious QR code (quishing).

Not having the right steps in place to detect a phishing attack can be costly. According to the Information Commissioner’s Office (ICO), construction firm Interserve was fined £4.4mn for their poor cybersecurity measures, when an employee forwarded a phishing email to another employee, who downloaded its contents. As a result, the worker’s device was infected with malware. Although the company’s anti-virus detected the malware and issued an alert, the ICO revealed that Interserve did not thoroughly investigate the unusual activity and was fined for the lack of action.

Social Engineering Schemes posing as Construction Teams

Not only do construction teams have to be up to date on their own security, but other industries must also watch out for those posing as legitimate organisations or construction firms.

Social engineering involves manipulating people into divulging sensitive information or granting unauthorized access to IT systems. Cybercriminals may use social engineering tactics, such as posing as a legitimate vendor or contractor, to access a construction company’s network.

St. Ambrose Catholic Parish in Ohio suffered a social engineering attack when hackers posed as the construction firm that had just restored the church’s roof. The perpetrators sent an email to the parish officials claiming that they had not been paid for two months. The unsuspecting parish officials wired $1.75 million into a fraudulent account, which the attackers emptied before anyone noticed.

Active Threat Groups Targeting the Construction Industry in the Last 90 Days

Number of threat groups active: 43

68% Ransomware – Which shows a heavy focus on financial gain.

24% Data Breach – Which shows they also care about the data construction companies possess.

8% Other (defacement, DDoS, etc.)

Top 10 Most Active Threat Groups:

Threat Group | Successful Targets
LockBit | 37
PLAY | 18
LostTrust | 11
8Base | 9
NOESCAPE | 9
ALPHV | 8
BlackBasta | 7
Cactus | 6
BianLian | 4
INCRANSOM | 4

Data Source: DigitalShadows

Cybersecurity Measures to Mitigate Risk 

  • Implement Firewalls and Antivirus Software

Ensure that firewalls are properly configured, that antivirus software is regularly updated, and that systems are regularly scanned for malware. At SecurityHQ, we enforce a strict control mechanism for your firewalls while allowing you the flexibility and agility needed to carry out your business operations effectively.

  • Prioritize Email Authentication

Email authentication helps prevent email spoofing. The primary email authentication protocols employed by most businesses today include Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC), but awareness around what to look for and how to spot a potential threat is key. Read this blog for more on email authentication.

  • Keep Tabs on Digital Risks and Threats

Regular risk assessments can help construction companies identify vulnerabilities in their networks and processes and take steps to mitigate those risks. Trust our comprehensive Threat and Risk Intelligence (TRI) services to help determine vulnerabilities and take proactive steps to curtail attacks.
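On the email authentication point above: whether a spoofed "contractor" email is rejected or delivered depends on the SPF and DMARC records the impersonated domain publishes. The following Python is an added example, not part of the original article or of SecurityHQ's tooling; it audits SPF and DMARC TXT record strings for settings that leave a domain spoofable. The function names and the example.com/example.net records are constructed assumptions.

```python
# Added example: audits constructed SPF/DMARC TXT strings (not real domains).
SAMPLES = {
    "weak": ("v=spf1 include:_spf.example.net ~all", "v=DMARC1; p=none; pct=50"),
    "hardened": ("v=spf1 include:_spf.example.net -all",
                 "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
}
SPF_ALL = {  # what each weak qualifier on the 'all' mechanism means (RFC 7208)
    "+": "+all authorises every sender",
    "?": "?all is neutral: unlisted senders are not rejected",
    "~": "~all is softfail: unlisted senders are marked, not rejected by SPF alone",
}

def audit_spf(record):
    """Return findings for an SPF record; an empty list means none."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    # A bare 'all' has the implicit '+' qualifier.
    qualifiers = [t[:-3] or "+" for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if qualifiers:
        return [SPF_ALL[qualifiers[0]]] if qualifiers[0] in SPF_ALL else []
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy lives in the redirect target; audit that record
    return ["no 'all' mechanism: unlisted senders get a neutral result"]

def audit_dmarc(record):
    """Return findings for a DMARC record (RFC 7489 tag=value list)."""
    parts = (p.partition("=") for p in record.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in parts if v}
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: no enforcement requested")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports on who sends as this domain")
    return findings

if __name__ == "__main__":
    for name, (spf, dmarc) in SAMPLES.items():
        print(name, audit_spf(spf) + audit_dmarc(dmarc) or "no findings")
```

To audit a live domain, feed in the TXT records at the domain apex (SPF) and at `_dmarc.<domain>` (DMARC) in place of the constructed samples.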

Next Steps

At SecurityHQ, we understand the complex and critical infrastructure of the industry. Our Threat Intelligence team is a cohesive global unit dedicated to Cyber Threats Intelligence, focused on researching emerging threats, tracking activities of threat-actors, ransomware groups, and campaigns, to ensure that they stay ahead of potential risks. Beyond their investigative work, the Intelligence team provides actionable threat intelligence and research, enriching the understanding of SecurityHQ’s customers worldwide. United by a common commitment, the SecurityHQ Threat Intelligence team delivers the insights needed to confidently navigate the intricacies of the cyber security threat landscape.

If you want to identify and protect your business from prevalent cybersecurity threats, schedule a consultation with our experts today.