In 2017, while the Hong Kong-Zhuhai-Macao Bridge was under construction, one of the project computers was hit with a ransomware attack. This malicious act allowed perpetrators to lock crucial project files and demand ransom for unlocking them. When project managers reported it to the authorities, the perpetrators deleted some of the files in response.
The incident didn’t affect the project’s progress (the bridge was opened to traffic one year later), but it made headlines. It’s an accurate—and terrifying—example of ransomware, where a user is locked out of their own files and functions and forced to pay the hackers to regain access. This may not be a new problem, but it has the potential to cost victims millions.
What makes this case especially unique is that it involves files made with computer-aided design (CAD) software, mainly AutoCAD. If one isn’t too careful in accessing AutoCAD files, they might be wide open for a cyberattack. Thus, the first step in protecting yourself against such activities is being aware of them. So, here are four things worth knowing about AutoCAD malware.
1. It’s Made With AutoCAD
The success of any cyberattack hinges on the victim being unaware of it. As far as AutoCAD malware goes, hackers create these malicious files with the software’s AutoLISP programming language disguised as AutoCAD files. Simply put, they create these files with the same software.
This way, instead of opening a project render, the victim may execute the malware script and inadvertently cause havoc within the server. Using the software’s auto-load feature, which is an existing vulnerability in the program, perpetrators can create their own AutoLISP script. Worse, they encrypt these files to make them appear more legitimate.
While AutoCAD’s developers have since updated their security measures (more on that later), spotting these files is near impossible. Without an active security system like the cybersecurity as a service from Foresite for example, and other service providers, computer networks won’t have the necessary protection if someone opens these files accidentally.
2. It’s Self-Replicating
To maximize the chances of people opening the malicious file, perpetrators also code in a way that it replicates as soon as it’s opened, regardless of the location. Analysis of samples indicates that the file exploits AutoCAD’s system variable (ACADLSPASDOC) to help copy itself within the directory that contains the target project. Despite varying file sizes, these files work the same in executing the script.
They only get smarter once they complete replication. The file will then attempt to retrieve the current date and time and use that data to mess with registry values, limiting C2 connection attempts to once a day. Whether or not perpetrators made the files using an older version of AutoCAD, the script will be able to spoof victims into thinking it’s from their own AutoCAD software.
3. It Exploits Human Flaws
As explained so far, AutoCAD malware is an impressive but frightening creation—and that’s only half of a successful formula. The other half lies with old-fashioned trickery, which experts refer to as social engineering.
Photo by license from AdobeStock
AutoCAD files are often hundreds of megabytes in size, so it isn’t always possible to deliver them via email (though third-party file hosting may work). Orchestrating this criminal activity relies on mailing a CD or USB drive containing the malware. This method also gives victims a false sense of security, considering such sensitive files are vulnerable when sent via the internet.
Ransomware like AutoCAD malware is one of ten known vectors used in social engineering. A recent study found that such attacks have increased by 270% this year, owing to how easy it is to fool people. It’s no wonder that AutoCAD files are prevalent in cases of corporate espionage and sabotage, which leads to more than USD$ 30 billion in losses.
4. It’s Preventable
The picture may look bleak, but it’s no reason for people not to pay closer attention every time they open a work-related file. A combination of state-of-the-art security features and practices can prevent an outbreak of these malicious files.
As mentioned earlier, AutoCAD has since introduced a security measure that warns users about opening files in an unsecured network. Setting it up is as simple as adjusting the security level to your desired setting (turning off isn’t recommended) and indicating trusted locations. When prompted, refrain from ignoring the warning.
Additionally, adopt best practices like protecting files with a password, setting them to read-only, and converting them to PDF format when sharing with others. Moreover, requiring involved users to sign a non-disclosure agreement can add a legal aspect, mitigating the loss a company might suffer in the worst-case scenario.
There’s no reason hackers will stop relying on AutoCAD malware to get what they want, given that it’s a widely-used program. Therefore, AutoCAD users must be vigilant every time they run the software, especially when accessing files. Only by having a layered security system and being mindful at all times can these threats be averted.