Information on AutoCAD Security Breach
Published on January 14, 2019
As a courtesy to all, we wanted to make you aware a new security breach that is targeting businesses using AutoCAD software.
The attacks arrive in spear-phishing emails and in some cases postal packages that contain design documents and plans. When AutoCAD users open the design document, they may inadvertently cause the malware files to be executed.
Please see the following article for more information:
https://www.zdnet.com/article/new-industrial-espionage-campaign-leverages-autocad-based-malware
To summarize, the malware works by first copying itself to three locations in an infected computer to increase the chances it will be opened if it spreads to new computers. Once access is gained to one computer, the hackers can pivot to gain access to any other computers on the server. If allowed to spread, malware can result in loss of intellectual property as well as gained access to passwords, personal and financial information. Malware running on computers also results in reduced productivity.
The good news is that users of AutoCAD can protect themselves! AutoCAD’s security recommendations page (https://knowledge.autodesk.com/support/autocad/learn-explore/caas/CloudHelp/cloudhelp/2018/ENU/AutoCAD-Core/files/GUID-9C7E997D-28F8-4605-8583-09606610F26D-htm.html) contains tips for safely configuring AutoCAD to protect against malicious modules. It also shares advice on how to recover and clean an AutoCAD installation after attacks with malicious code. By following the suggestions for best practices, including keeping your antivirus and operating system up to date, you will reduce your vulnerability to malicious executable code.
Notably, this is also not the first time that cyber-criminals have used AutoCAD-based malware to infect companies. Previous campaigns have been documented in 2009 (https://nakedsecurity.sophos.com/2009/08/13/autocad-malware-acadvlx)
and 2012 (https://www.welivesecurity.com/media_files/white-papers/ESET_ACAD_Medre_A_whitepaper.pdf).
The current breach has been ongoing since 2014. This means that your business’ computers may currently be infected by this malware.
Cybersecurity has become an absolute necessity in the technology world today. We hope that this information has been helpful to your business as you consider how to best protect it. allCareIT is a local technology company specializing in cybersecurity, as well as all your technology needs including website design and Office 365.
If you would like more information or would like to schedule a meeting to discuss how allCare IT can help with your security needs please email helpdesk@allcareit.com or call 613-817-1212