Security researchers have spotted a somewhat unique malware distribution campaign that targets companies using AutoCAD-based malware. Discovered by cyber-security firm Forcepoint, which shared its findings with ZDNet yesterday, the campaign appears to have been active since 2014, based on telemetry data the company has analyzed. Forcepoint says the group behind this recent campaign is most likely very sophisticated and primarily interested in industrial espionage, due too its focus on using a niche infection vector like AutoCAD, a very expensive piece of software, utilized mainly by engineers and designers. "The actors have successfully targeted multiple companies across multiple geolocations with at least one campaign likely having been focused on the energy sector," Forcepoint experts wrote in a report they plan to publish later today. Researchers said the hacker group used spear-phishing emails that contained either archives of malicious AutoCAD files or links to websites from where victims could download the ZIP files themselves, in case the "lure" files needed to be larger than standard email servers' file attachment limits.
Autodesk on Thursday is releasing AutoCAD 2019, a major update to its 36-year-old design and drafting software used by a range of professionals like engineers and architects. After fine-tuning different professional AutoCAD verticals for decades, the latest release gives subscribers access to seven different professional toolsets -- that includes access to a whopping 750,000 different features and functionalities. "AutoCAD itself is millions of lines of code. It's evolved to be the trusted, high-fidelity product that customers need," Marcus O'Brien, product line manager for AutoCAD, told ZDNet. "We wouldn't be offering this today had we not invested in this over the last 20 years."
This project continued to evolve and we explored the design space of a contextual software command recommender system and completed a six-week user study (Li et al. 2011). We then expanded the scope of our project by implementing CommunityCommands, a fully functional and deployable recommender system. During a one-year period, the recommender system was used by more than 1100 users. In this article, we discuss how our practical system architecture was designed to leverage Autodesk's existing customer involvement program (CIP) data to deliver in-product contextual recommendations to end users. We also present our system usage data and payoff, and provide an in-depth discussion of the challenges and design issues associated with developing and deploying the software command recommender system.