While Lynn’s away on a well-deserved vacation, I’m going to sneak in with a couple of guest posts. This is an important subject and I’m delighted that Lynn’s given me the opportunity to share this information with you! - Dieter Schlaepfer
It seems like every week there's another business devastated by an online intrusion, theft, or fraud. New and more sophisticated exploits are being reported with increasing frequency. We all try to protect ourselves against identity theft and make sure not to click on any suspicious emails, but what about your drawing files?
Sometimes the bear doesn't chase the slowest person!
As a member of the AutoCAD Security feature team, I’d like to share with you some of the things that I’ve learned over this past year. My goal is not to scare you, although there are scary things happening, but to raise your awareness and preparedness.
Autodesk and independent security experts have become aware of increased security threats to your privacy and intellectual property. For example
- An architectural firm discovered that an unauthorized program was automatically emailing their AutoCAD drawing files to a foreign account overseas.
- A book published a few months ago describes how a sophisticated virus was used for espionage at a secure facility. AutoCAD drawing files were accessed in the attack.
Private individuals, competitors, government agencies, and well-funded mercenary organizations (yes, they exist) have various motivations including the following:
- To disrupt your business
- To steal and sell your designs
- To acquire your in-process patent drawings
- To monitor your progress on your projects for competitive or stock price advantages
- To acquire information for purposes of extortion, espionage, or terrorism
Okay, so how do they break in?
In addition to the usual risks of clicking links within emails and network security attacks, attacks that are related to AutoCAD can use one of these methods:
- AutoLISP and a variety of other executable files can be altered to contain malware. Typically, these files are included in a ZIP file along with drawing files and can start automatically.
- An application, utility, or customization file downloaded from an untrusted website can contain malware. Even a trusted application can be quietly replaced with a modified version.
- Many users download illegal "cracked" software, not realizing that anyone capable of cracking licenses is also capable of inserting code that can quietly do anything, including logging their keystrokes.
- Drawing files can be altered to try to overflow memory with executable code. Drawing files can also contain VBA macros that can execute if you have VBA installed.
Next time, we’ll take a look at what you can do to protect yourself. See you then!