A report from cybersecurity technology company ReliaQuest shows 481 construction organizations were listed on data-leaking websites used by ransomware attackers in 2024—a 41% increase year over year, according to Construction Dive.
Spearphishing, which is a phishing attempt personalized to a victim, was the most prominent type of attack, accounting for nearly one in five incidents. Next was internal spearphishing, which is when a compromised account within a company attacks other users in the organization.
Additionally, credential exposure incidents—the unauthorized disclosure of sensitive authentication information, such as usernames and passwords—now account for 75% of all construction alerts, which is an 83% increase from the previous year.
ReliaQuest predicted phishing attacks, cloud exploitation and attacks via infostealers (malware designed to compromise user credentials) will climb in 2025. Once credentials are published and sold, cybercriminals can gain access to sensitive data or deploy additional malware.
The report recommended construction companies audit cloud accounts and resources rigorously; closely monitor cloud permission levels that could grant extensive access; enforce the principle of least privilege for all third parties and contractors; enable multifactor authentication for accounts; and employ a digital risk protection strategy to continuously monitor for exposed credentials.
To help contractors address cyber liability risk, NRCA has partnered with BPM Insurance Services and Acrisure to create NRCA’s Cyber Liability Insurance Program.
