2018/11/27: attacks arrive in spear-phishing emails and in some cases postal packages that contain design documents and plans. Included in the same directory are camouflaged files formatted in AutoLISP, an AutoCAD-specific dialect of the LISP programming language. When targets open the design document, they may inadvertently cause the AutoLISP file to be executed. While modern versions of AutoCAD by default display a warning that a potentially unsafe script will run, the warnings can be disregarded or suppressed altogether. To make the files less conspicuous, the attackers have set their properties to be hidden in Windows and their contents to be encrypted.
The attacks aren't new. Similar ones occurred as long ago as 2005, before AutoCAD provided the same set of robust defenses against targeted malware it does now.
The value of these documents–especially in new and prospering industries such as renewable energy–have probably never been this high. All this makes it attractive for the more skilled cybercriminal groups to chip in: instead of spamming out millions of emails and waiting for people to fall for it, significantly more money can be realized by selling blueprints to the highest bidder.
2018/11/26: Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.
And this is what we get for browsers forcing websites to adopt HTTPS or else they try to scare people with warnings about pages not being secure. I run a site that provides 100% publicly available information in a totally read-only / user agnostic manner. There are no accounts, no sessions, etc. Just the display of information. I had to switch to HTTPS because of uninformed users thinking something was wrong with my site because of browser warnings.
When reporter Mat Honan was hacked last weekend, it gave a lot of fuel to cloud naysayers, but the social engineering methods employed to get Honan's key information could happen anywhere, even your locked data center.