The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack on KHS&S Contractors, a prominent construction company in the USA. The threat actor posted a message on their dark web channel, notifying the company of the cyberattack and setting a deadline of 3 days from the date of the post. The group alleges to have gained access to an undisclosed amount of data from KHS&S.
With a revenue of $49.9 million, KHS&S Contractors has become the target of cybercriminals, although the full extent of the damage caused by the cyberattack is not yet fully understood. The organization has not issued an official statement or response to the alleged cyberattack, leaving the claims in a state of uncertainty.
Despite the lack of official acknowledgment, skepticism has arisen regarding the validity of the attack, as KHS&S’ website appeared operational with no immediate signs of disruption or compromise. However, it is known that cyber assailants often target backend systems and databases rather than launching frontal assaults.
If confirmed, the cyberattack on KHS&S would represent a broader trend within the construction industry. Recent years have seen a surge in ransomware attacks targeting construction firms, with the sector being ranked as the most vulnerable to such incursions for two out of the past three years.
The vulnerabilities inherent in the construction industry make these companies attractive targets for cybercriminals. The reliance on modern digital tools, such as computer-aided design (CAD) and building information modeling (BIM), exposes the firms to heightened risks. Additionally, the often lax cybersecurity posture of many construction companies, coupled with inadequate employee training in identifying and mitigating cyber threats, further compounds the problem.
The rise of cyberattacks on construction companies is evident from incidents such as the cyberattack on Simpson Manufacturing in 2023. The California-based engineering firm experienced a cyberattack that prompted the shutdown of critical IT systems. In response, the company acknowledged the cybersecurity incident, revealing disruptions to its IT infrastructure and applications. The severity and persistence of cyber threats facing the construction sector were highlighted by the company’s actions to contain the breach.
It is important to note that this report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The increasing frequency of cyberattacks targeting construction companies underscores the urgent need for robust cybersecurity measures within the industry. As cyber threats continue to evolve and pose greater risks, organizations must prioritize the protection of their digital assets and infrastructure to safeguard against potential disruptions and financial losses.