Four Things to Know About AutoCAD Malware

Written By DannyPalmer


In 2017, while the Hong Kong-Zhuhai-Macao Bridge was under construction, one of the project's computers was hit by ransomware. The attackers locked project files and demanded payment to unlock them. Project managers reported the incident to the authorities, and in response the attackers deleted some of the files.

Although the incident did not delay the project (the bridge opened to traffic a year later), it made headlines. It is a stark example of what ransomware does: it locks users out of their own files and demands payment to restore access. The problem is not new, but it can cost victims millions.

And AutoCAD, the software used on exactly this kind of project, is a convenient vehicle for delivering it.

Attacks like this succeed because the victim does not recognise the malicious file for what it is. AutoCAD malware is built by attackers to look like ordinary AutoCAD files, and it is created with the same software the victim uses.

Instead of opening a project drawing, the victim ends up executing a malicious script that can wreak havoc on the file server. The mechanism is AutoCAD's autoload behaviour: when a drawing is opened, AutoCAD automatically loads startup files such as acad.lsp and acaddoc.lsp from the drawing's own folder, so an attacker who drops an AutoLISP script with one of those names next to the drawings gets it run without any further action by the user. This is a documented feature rather than a bug, which is precisely what makes it useful to the attacker. The scripts are also encrypted so that their contents cannot be read at a glance, which makes the files look more legitimate.

It’s Self-Replicating

To increase the chance that someone else opens the malicious file, the attackers write it to replicate itself as soon as it runs. Analysis of samples shows that the script sets AutoCAD's ACADLSPASDOC system variable, which makes the startup file load into every drawing that is opened rather than only the first one, and copies itself into the directory of each project the victim works on. The copies differ in size, but each executes the script in the same way.

Once replication is done, the script gets smarter. It reads the current date and time and uses them to set registry values, so that it attempts to contact its command-and-control (C2) server at most once a day. It also disguises itself as a file created by an older version of AutoCAD, so that nothing about it looks out of place.
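The two behaviours described above, a startup script dropped beside the drawings so that AutoCAD's autoload picks it up, and a script that sets ACADLSPASDOC, copies itself and touches the registry, are exactly what a defender can hunt for on a project file share. The following Python script is an added example written for this article, not code from the author or from Autodesk. It walks a directory tree, flags auto-load startup files (acad.lsp, acaddoc.lsp, the release-specific acadNNNN variants, and their compiled .fas/.vlx forms) that sit in the same folder as drawings, and greps .lsp sources for the replication and persistence calls the article mentions. The indicator strings are my own heuristics, and the sample directory tree built by demo() is constructed for the example.

```python
"""Hunt for AutoCAD auto-load startup files dropped beside drawings.

Added example, not from the original article. File names follow AutoCAD's
documented autoload behaviour; the indicator patterns are heuristics chosen
for this example, and demo() builds a constructed sample tree.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass, field

# Startup files AutoCAD loads automatically from a drawing's folder (or the
# support search path): acad.lsp / acaddoc.lsp, release-specific acadNNNN(doc).lsp,
# and the compiled (.fas) and packaged (.vlx) variants of the same names.
AUTOLOAD_NAMES = re.compile(r"^acad(?:\d{4})?(?:doc)?\.(?:lsp|fas|vlx)$", re.IGNORECASE)
DRAWING_EXT = (".dwg", ".dxf", ".dwt")

# Text indicators for .lsp sources (assumed heuristics, not a signature set).
INDICATORS = {
    "sets ACADLSPASDOC": re.compile(r'setvar\s+"ACADLSPASDOC"', re.IGNORECASE),
    "copies a file": re.compile(r"\(vl-file-copy\b", re.IGNORECASE),
    "writes registry": re.compile(r"\(vl-registry-write\b", re.IGNORECASE),
    "launches a program": re.compile(r"\(startapp\b", re.IGNORECASE),
    "reads clock": re.compile(r'getvar\s+"(?:CDATE|DATE)"', re.IGNORECASE),
}


@dataclass
class Finding:
    path: str
    size: int
    sha256: str
    beside_drawing: bool
    indicators: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A startup file next to drawings, or one that uses the replication /
        # persistence primitives, deserves a closer look.
        return self.beside_drawing or bool(self.indicators)


def inspect_startup_file(path: str, beside_drawing: bool) -> Finding:
    with open(path, "rb") as fh:
        data = fh.read()
    hits = []
    # .fas/.vlx are compiled, so text indicators only apply to .lsp source.
    if path.lower().endswith(".lsp"):
        text = data.decode("latin-1")
        hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    return Finding(path, len(data), hashlib.sha256(data).hexdigest(), beside_drawing, hits)


def scan(root: str) -> list:
    """Return a Finding for every auto-load startup file under root, sorted by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        has_drawing = any(f.lower().endswith(DRAWING_EXT) for f in files)
        for name in files:
            if AUTOLOAD_NAMES.match(name):
                findings.append(inspect_startup_file(os.path.join(dirpath, name), has_drawing))
    findings.sort(key=lambda f: f.path)
    return findings


def identical_copies(findings) -> dict:
    """Group findings by content hash; groups of 2+ are byte-identical copies.
    Samples that pad themselves differ in size, so this alone will miss them."""
    groups = {}
    for f in findings:
        groups.setdefault(f.sha256, []).append(f.path)
    return {h: paths for h, paths in groups.items() if len(paths) > 1}


def demo() -> list:
    """Build a constructed sample tree and scan it. Returns the findings."""
    payload = (
        ';; constructed sample resembling the behaviour described in the article\n'
        '(setvar "ACADLSPASDOC" 1)\n'
        '(vl-file-copy (findfile "acaddoc.lsp") (strcat (getvar "DWGPREFIX") "acaddoc.lsp"))\n'
        '(vl-registry-write "HKEY_CURRENT_USER\\\\Software\\\\Example" "LastRun" (getvar "CDATE"))\n'
    )
    root = tempfile.mkdtemp(prefix="acad-hunt-")
    layout = {
        "projects/bridge-a": ("bridge-a.dwg", payload),
        "projects/bridge-b": ("bridge-b.dwg", payload + ";; padding changes the size\n" * 3),
        "support": (None, '(princ "benign site customisation")\n'),  # legitimate, no drawings
    }
    for sub, (dwg, lsp) in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d)
        if dwg:
            open(os.path.join(d, dwg), "wb").close()
        with open(os.path.join(d, "acaddoc.lsp" if dwg else "acad.lsp"), "w") as fh:
            fh.write(lsp)
    return scan(root)


if __name__ == "__main__":
    for f in demo():
        flag = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"{flag:10} {f.size:6d} B  {f.path}  {', '.join(f.indicators)}")
```

Run against a real share by calling scan() on the project root. Two design points matter here: the benign acad.lsp in the support folder is reported but not flagged, because site customisation legitimately lives there, while anything with the same name next to .dwg files is flagged regardless of content, since a compiled .fas or .vlx cannot be grepped; and identical_copies() comes back empty for the two padded copies, which is the article's own observation that the replicated files differ in size, so hashing alone is not a sufficient detection.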

It exploits human flaws

AutoCAD malware, as we have seen, is a frightening and capable piece of work. But that is only half the formula. The other half is what experts call old-fashioned trickery, or social engineering.

Many AutoCAD files run to hundreds of megabytes, so emailing them is not always an option. Third-party file hosting sometimes works, but the attackers can also deliver the malware on a CD or USB stick. Because sensitive project files are routinely exchanged on physical media rather than over the internet, a disc or stick that appears to come from a partner gives the victim a false sense of security.

Ransomware such as AutoCAD malware is one of the ten vectors used in social engineering. Recent research has found that the ease of fooling people has driven a 270% increase in such attacks. AutoCAD files are a common tool in corporate espionage and sabotage cases, which lead to losses of more than USD$30 billion.

It is preventable

Grim as the picture looks, it is not a reason to stop opening work files. A combination of sound security practice and the product's own security features can stop these malicious files.

AutoCAD includes a security feature that warns users before it loads executable files (AutoLISP scripts and the like) from a location that has not been marked as trusted. It is easy to set up: the SECURELOAD system variable sets the security level (1 warns about untrusted locations, 2 loads executables only from trusted locations, and 0 turns the check off, which is not recommended), and TRUSTEDPATHS lists the folders you trust. Do not ignore the warnings when they appear.
