Cyber espionage: New worm attacks AutoCad, steals blueprints

Stuxnet showed us the potential for great damage in an attack on infrastructure. Now, a serious new piece of malware is stealing architectural and engineering plans for infrastructure.

“I think every public organization should be concerned about this,” said ESET security intelligence program manager Pierre-Marc Bureau in an interview with VentureBeat. “When you’re starting to see some serious attempts at stealing intellectual property from one country to another, that’s something to be concerned about.”

Security firm ESET discovered the malware, now called ACAD/Medre.A, around February and noted it was “military-grade.” The worm attacks AutoCad, a popular software used by architects and engineers to draw up blue prints and other infrastructure plans. It targets computers running the Windows operating system to steal and e-mail out AutoCad “drawings.” These drawings are then received by an e-mail that ESET found is based in China.

Stuxnet, Duqu, Flame and other malware that hasn’t yet been discovered have been developed to hit where it really hurts: our physical modes of operation. But the theft of infrastructural plans could be just as damaging. Especially when it involves blueprints and plans for the construction of bridges, secretive or government-owned complexes, or energy infrastructure.

The catch with this piece of malware is that it’s not heavily attacking the United States, Europe, or China, but rather in Peru. It’s an odd location, which leads Bureau to believe the malware was probably written by people who wanted to see what their competition was up to. It could be an attempt to one-up a competing agency for a new business pitch, or other similar situations.

He did stress, however, that this malware is too complex to be written by any old cyber criminal wannabe. It isn’t as complex as say, Stuxnet, which shut down fuel to Iran’s nuclear program in 2010, he said, but it does have the potential to spread faster and wider. Bureau said this is probably not a state-sponsored attack, however, given that Peru is being hit the hardest.

“[This is] either for somebody who wants to bid on public service contracts, maybe know what their competition is doing, or they’re trying to find the system for building these things,” he said.

Despite the fact that this malware could simply be an act of corporate espionage, Bureau warns that governments and security teams should remain aware.

“I think this is pretty serious and a good example of a trend that is going to continue for the next months and years,”  he said.

Blueprint image via Shutterstock