Preview: Adrian Allen, CTO at Cylynt, talks about the prime target CAD tools represent for countries interested in stealing industrial and military secrets and the importance of good cybersecurity practices in guarding against the persistent threat of spear phishing attacks.
Cylynt continues to highlight the potential for compromised computer-aided design (CAD) tools to be used for the distribution of malware and trojans. CAD tools represent a prime target for nation states interested in stealing industrial and military secrets that can provide a competitive advantage to their own indigenous industries. What better way to leapfrog your economic or military rivals than to steal their cutting-edge designs before they even make it into production!
Informed Employees are Key
In parallel, we are also educating our user community on the importance of good cybersecurity practices and in particular guarding against the persistent threat of spear phishing attacks. The sophistication and targeting of attacks by cyber criminals continue to increase, with common documents like MS Word and Adobe PDF files frequently used to infect unsuspecting users’ computers when they inadvertently open a malicious attachment. Informed and vigilant employees are key to a company’s defense against the risks posed by spear phishing attacks. Identifying and reporting these risks is essential to protecting the company from attack.
How to spot a spear phishing attack? Beware of emails that appear to come from a known or trusted sender, but that are unexpected, have an unusual format, contain unexpected attachments (always scan all attachments before opening), contain links to unfamiliar websites, or just seem out of context. When in doubt, don’t hesitate to contact the sender directly to verify the authenticity of the email.
AutoCAD Files Now at Risk
Both of these infection vectors came into sharp focus last week when I tuned into a podcast (CyberWire Daily Podcast) by Chris Duvall, formerly with the U.S. Department of Homeland Security (DHS) and currently with the Chertoff Group. Duvall says that security training for employees is crucial. A guest on the podcast, Johannes Ullrich, dean of research at the SANS Technology Institute (and host of the ISC's "StormCast" podcast), described how cyber criminals are getting more and more creative in finding new ways to hide malware that bypass mail server filters. It has been discovered that AutoCAD files, which are not commonly used desktop files, are now being leveraged to focus attacks on very specific user groups. The cyber criminals behind this recent malware campaign appear to be primarily interested in industrial espionage. These attacks have targeted companies in specific industries using spear-phishing emails with AutoCAD file attachments or links that have been infected via embedded scripting modules. The malicious AutoCAD files in turn connect back to a command and control server, which downloads additional malware to the infected target machine.
Train Your Employees
Ullrich recommends that companies that use AutoCAD files train their employees to apply the same vigilance as with common desktop files, especially the people who are working on technologically advanced designs using proprietary data that must be protected. In addition, companies need to make sure to inspect the AutoCAD documents on their mail servers, web proxies, etc. In general, whenever an employee receives an attachment with an odd extension, it's probably a good idea to quarantine it first, then look at it later from a security point of view.
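The quarantine-first rule above can be sketched as a mail-gateway triage step. This is an added example, not code from Cylynt or the podcast: the extension lists, the verdict names and the sample message are assumptions, and it goes one step beyond the text by also looking inside ZIP attachments.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed, site-specific policy lists (not taken from the article).
CAD_DRAWINGS = {".dwg", ".dxf", ".dwt"}
CAD_SCRIPTS = {".lsp", ".fas", ".vlx", ".mnl", ".scr", ".dvb", ".arx"}
COMMON = {".pdf", ".docx", ".xlsx", ".pptx", ".txt", ".png", ".jpg"}

def classify(name):
    """Return 'deliver', 'inspect' or 'quarantine' for one file name."""
    ext = PurePosixPath(name.lower()).suffix
    if ext in CAD_SCRIPTS:
        return "quarantine"   # loadable AutoCAD script or code module
    if ext in CAD_DRAWINGS:
        return "inspect"      # drawing: hold for content scanning
    return "deliver" if ext in COMMON else "quarantine"   # odd extension

def triage(raw):
    """Map each attachment, and each member of a ZIP, to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if not member.endswith("/"):   # skip directory entries
                        verdicts[f"{name}!{member}"] = classify(member)
        else:
            verdicts[name] = classify(name)
    return verdicts

def build_sample():
    """Constructed message: a drawing, a PDF, and a ZIP holding a script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plan.dwg", b"placeholder")
        zf.writestr("acad.fas", b"placeholder")
    msg = EmailMessage()
    msg.set_content("Constructed sample body.")
    for name, data in [("bracket.dwg", b"x"), ("quote.pdf", b"x"), ("project.zip", buf.getvalue())]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Extension matching is only the routing decision; files marked "inspect" still need content scanning, because a file name says nothing about what a drawing loads when it is opened.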