To cybercriminals, credit card information is nice to have, and identity theft is a profitable industry – but the big money is in industrial espionage. Hackers are able to use their tricks to inveigle victims into granting them access to their computers, usually through spear-phishing campaigns aided by social engineering. And when hackers invade a corporate network, it’s most often corporate secrets they’re after.
Typically, organizations won’t admit the loss of trade secrets, so exact numbers are hard to come by. However, the U.S. is estimated to lose up to $600 billion each year in stolen IP. And unfortunately, this particular form of theft costs Americans over a million jobs annually.
Sometimes, we good guys get lucky, and we are able to shine a light on the nefarious methods used by industrial espionage hackers. In this post, we will discuss a method used by hackers specifically targeting AutoCAD users.
Let’s break down what AutoCAD is, how it’s used, and how your organization can protect itself.
What is AutoCAD?
AutoCAD, of course, is an application for computer-aided design (CAD). Released in 1982, it is used by millions of customers worldwide to achieve a variety of design purposes such as architecture, product design, urban planning, and much more. This means that designers will typically keep highly confidential renderings on their chosen device, making them the perfect candidate for a sophisticated attack.
In the real world, an AutoCAD hack may look like raiding a designer’s computer for the latest iteration of designs and drawings of an “iPhone killer”, which is exactly the type of thing a designer might use AutoCAD for. For cybercriminals, these hacks likely lead to many sleepless nights figuring out new methods to worm their way into a system and abscond with their desired treasure. And unfortunately, where there’s a will, there’s a way.
How Hackers Have Compromised Your AutoCAD Security in the Past
Years ago, clever hackers developed a remote code execution method that would enable them to hijack AutoCAD files. This remote code execution vulnerability, called CVE-2013-3665, was a memory corruption vulnerability that was triggered when the user opened a maliciously crafted drawing file. CVE-2013-3665 worked in conjunction with two other vulnerabilities, CVE-2014-0819 and CVE-2014-0818, which were referred to as “file search path vulnerabilities.” A phishing message was then used to gain hackers entry to a system, enabling them to deliver a modified copy of a file called acad20XX.lsp (written in AutoLISP, AutoCAD’s built-in scripting language), a startup file that AutoCAD automatically looked for when opening.
The corrupted file then had the ability to replicate itself throughout a user’s computer, and because AutoCAD would load the first instance of acad20XX.lsp it could find – such as one in the same folder as the drawing itself – the corrupted file became the hacker’s ticket to steal. Once installed, the file could hijack the .DLL routines AutoCAD relies on via Visual Basic scripts, and ensure that it ran every time an AutoCAD drawing (.DWG) file was opened.
This could be done simply by adding a single line of code: (if (findfile "cad.fas") (load "cad.fas")). The hacker could then copy the file in use to a mail message, as well as send itself to the victim’s contacts, again in the form of a malicious archive. Before the designer knew it, their device had been infiltrated and a full-blown attack had occurred.
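The drop pattern described above (a startup .lsp file sitting next to a drawing, containing a one-line load of a compiled .fas file) is easy to look for on a file share or a designer’s workstation. The following scanner is an added example written for this post, not code from the original article or from Autodesk: it walks a directory tree, flags startup LISP files and compiled AutoLISP/VBA files that sit outside the folders you trust (especially when they sit beside a .DWG), and pulls any load/findfile targets out of the startup files. The trusted_dirs list, the sample tree it builds, and the placeholder file contents are all constructed for the demonstration.

```python
import os
import re
import tempfile
from pathlib import Path

# Startup file names AutoCAD auto-loads when a drawing is opened. The post names
# acad20XX.lsp; acad.lsp and acaddoc.lsp are the other standard startup names.
STARTUP_LSP = re.compile(r"^(acad\d*|acaddoc)\.lsp$", re.IGNORECASE)
# Compiled AutoLISP (.fas/.vlx) and VBA project (.dvb) files a startup script may pull in.
PAYLOAD_EXT = {".fas", ".vlx", ".dvb"}
# Matches (load "...") or (findfile "...") with a quoted string argument.
LOAD_CALL = re.compile(r'\((?:load|findfile)\s+"([^"]+)"', re.IGNORECASE)


def scan_lsp_text(text):
    """Return the distinct compiled-code files referenced by load/findfile calls."""
    hits = []
    for match in LOAD_CALL.finditer(text):
        target = match.group(1)
        if os.path.splitext(target)[1].lower() in PAYLOAD_EXT and target not in hits:
            hits.append(target)
    return hits


def scan_tree(root, trusted_dirs=()):
    """Walk root and return (relative_path, reason) findings.

    Startup LISP files and compiled payloads are only expected inside trusted_dirs
    (the organisation's AutoCAD support folders); anywhere else, and especially
    next to a .DWG, they match the drop pattern described in the post.
    """
    root = Path(root).resolve()
    trusted = {Path(d).resolve() for d in trusted_dirs}
    findings = []
    for dirpath, _, files in os.walk(root):
        here = Path(dirpath).resolve()
        in_trusted = any(here == t or t in here.parents for t in trusted)
        beside_dwg = any(f.lower().endswith(".dwg") for f in files)
        for name in files:
            path = here / name
            rel = str(path.relative_to(root))
            ext = os.path.splitext(name)[1].lower()
            if STARTUP_LSP.match(name):
                if not in_trusted:
                    reason = "startup LISP outside trusted support path"
                    if beside_dwg:
                        reason += " (beside a .DWG)"
                    findings.append((rel, reason))
                try:
                    text = path.read_text(encoding="utf-8", errors="replace")
                except OSError:
                    continue
                for target in scan_lsp_text(text):
                    findings.append((rel, f"loads compiled code: {target}"))
            elif ext in PAYLOAD_EXT and not in_trusted:
                findings.append((rel, "compiled LISP/VBA file outside trusted path"))
    return findings


def build_sample_tree(base):
    """Write a constructed sample tree: one legitimate support folder and one
    project folder carrying the acad20XX.lsp + cad.fas pattern from the post."""
    base = Path(base)
    support = base / "Support"
    project = base / "Projects" / "phone"
    support.mkdir(parents=True)
    project.mkdir(parents=True)
    # Benign company startup file in the trusted support folder (constructed).
    (support / "acad.lsp").write_text('(defun s::startup () (princ "\\nCompany standards loaded."))\n')
    # Placeholder bytes only; not a real drawing or a real compiled LISP file.
    (project / "design.dwg").write_bytes(b"constructed placeholder, not a real DWG")
    (project / "cad.fas").write_bytes(b"constructed placeholder, not a real FAS")
    # The single auto-load line quoted in the post, dropped next to the drawing.
    (project / "acad2013.lsp").write_text('(if (findfile "cad.fas")(load "cad.fas"))\n')
    return str(support)


def demo():
    """Build the sample tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        support = build_sample_tree(tmp)
        return scan_tree(tmp, trusted_dirs=[support])


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Run against a real share, point trusted_dirs at the folders your CAD support files legitimately live in and expect three findings per planted drop like the sample one: the startup file itself, the compiled file it loads, and the orphaned .fas beside the drawing. The trusted_dirs list stands in for AutoCAD’s own trusted-locations setting (the TRUSTEDPATHS system variable in 2014 and later releases); keeping that list short and the scanner’s list identical to it is what makes the “outside trusted path” signal meaningful.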
Why You Must Protect Your AutoCAD Files
With intellectual property largely digitized today, trade secrets – in the form of documents, spreadsheets, images, etc. – are all stored in databases. In many situations, trade secrets are also stored on computers belonging to the individuals who created, invented, developed, or improved the item in question. To infiltrate AutoCAD files, hackers need to jump through several hoops:
- Design a specific agent or method that will enable them to steal the information they seek
- Determine which computers to attack (that of the designer, a central database, etc.)
- Find a way to install said agent on a user’s computer and/or corporate server
- Build a method that will enable them to fetch the information they are after
Essentially, hackers can’t execute an attack like they used to… unless they try a little harder. New versions of AutoCAD have eliminated previously used vulnerabilities and haven’t shipped with the VBA engine installed as OEM since 2014. But if a user has VBA installed, and they are not careful, they could still end up a victim of this attack. AutoCAD still allows macros in the form of VB scripts, and drawing files can be shipped with macros to enable task automation. The scripts operate “behind the scenes,” thus enabling hackers to evade the safety measures built into AutoCAD and carry out this kind of attack. With a little social engineering, a hacker could smoothly get a user to install the requisite AutoCAD file with its malicious macro, giving them the green light they seek to invade a system.
Plus, social engineering could be even easier to pull off in these circumstances; imagine a designer seeing a message that their device is about to crash, panicking that they are about to lose the many hours of hard work they put into their designs. Victims, under those circumstances, are truly putty in the hands of hackers – who can basically walk in and raid their victims’ systems, perhaps putting the company out of business, and their victim out of a job.
Votiro Can Help Ensure Complete AutoCAD Security
Unfortunately, just like many of today’s hacks, AutoCAD attacks have only become more sophisticated. For organizations that use or work with those who use AutoCAD, it is imperative you find a way to protect your network from such an event.
To ensure AutoCAD security, Votiro’s Positive Selection technology scrubs every file from malicious content before it is ever uploaded, downloaded, or transferred to your network. This way, you will have peace of mind knowing any malicious code will stay far away from your organization and every design you come into contact with is completely safe to open.
Ready to learn more about how Positive Selection works? Schedule a demo! Or, if you’d like to speak with a member of our team directly, contact us today.
