AUTODESK TRUST CENTER

Security advisory

Advisories are used to communicate information related to vulnerabilities identified with Autodesk® products and services. This includes any fixes or workarounds that are applicable to the affected product.

Important Security Update regarding Autodesk Drive

Product, Service, Component: Autodesk Drive
Impact: Shared Phishing Links
Original Publish: 4/30/2024

Summary

In March, Autodesk was made aware of an incident where an external user published documents to Autodesk Drive containing links to a phishing web site. Our Cyber Threat Management & Response Team immediately responded to this incident, and the malicious files are no longer being hosted on Autodesk Drive. No customers have reported being impacted by this incident.

Description

A common security attack is to embed malicious links in documents to propagate phishing campaigns, fraud and scams. Autodesk Drive is a cloud storage solution that allows individuals and small teams to organize, preview, and share design and model data within various file types, including PDFs. A recent phishing campaign involved both Autodesk Drive and Microsoft OneDrive where hackers uploaded PDF documents containing links to a phishing web site, where recipients were instructed to input their Microsoft credentials.

Recommendations

In addition to continually monitoring our services for malicious use, Autodesk provides security controls within our products to help customers lower their susceptibility to phishing attempts like these. To reduce the risk of a phishing attempt, please make sure you follow the recommendations below:

  • Please be cautious when enabling public link sharing. Public link sharing in Autodesk Docs is turned off by default. This means file sharing recipients must be authorized to use Autodesk Docs and be logged into view the document.
  • Use Autodesk’s 2-step verification setting for your accounts to reduce the risk of an attacker accessing your Autodesk account.

We also recommend employing the following best practices to identify and report suspected malicious links and files.

  • When receiving an email with an embedded link or attached file, employ healthy skepticism:
    • Is the email address and/or username familiar? Do you know the user?
    • Were you expecting to receive a shared file from this user?
    • If the answer is no, avoid clicking links within the email or opening file attachments.
    • Does the email convey a sense of urgency or use threats? Phishing emails often use urgent language or threats to create a sense of panic.
    • Is the sender requesting personal or sensitive information? A legitimate sender should never ask for sensitive information like credit card numbers, insurance or Social Security numbers via email. Be wary of any email requesting such information.
  • If you receive a suspicious link, report it to the Autodesk Incident Response Team via this contact form. Include a description of how you received the link and the full URL of the link.
  • You can also contact us with other inquiries here. If we find any violation of Autodesk Acceptable Use Policy, such as phishing, malware, or spam, we will take immediate action.

We are committed to continuous improvement of our security scanning capabilities to prevent bad actors from misusing our cloud services to host malicious content or any other violation of Autodesk policies.

Disclaimer

INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” IN CONNECTION WITH AUTODESK PRODUCTS. AUTODESK AND/OR ITS RESPECTIVE SUBSIDIARIES, AFFILIATES, SUPPLIERS AND LICENSORS AND ITS AND THEIR DIRECTORS, OFFICERS, EMPLOYEES, AGENTS AND REPRESENTATIVES MAKE NO REPRESENTATIONS ABOUT THE SITE, ANY PRODUCTS AND SERVICES CONTAINED ON THE SITE OR THE SUITABILITY OF THE INFORMATION CONTAINED IN THE MATERIALS, INFORMATION, CONTENT, DOCUMENTS, AND RELATED GRAPHICS PUBLISHED ON THIS SITE FOR ANY PURPOSE. THE SITE, ANY PRODUCTS OR SERVICES (INCLUDING WITHOUT LIMITATION, THIRD PARTY PRODUCTS AND SERVICES) OBTAINED THROUGH THE SITE, AND ALL SUCH INFORMATION, CONTENT, DOCUMENTS, AND RELATED GRAPHICS ARE PROVIDED FOR YOUR USE AT YOUR OWN RISK AND "AS IS" WITHOUT WARRANTY OF ANY KIND. AUTODESK AND/OR ITS RESPECTIVE SUBSIDIARIES, AFFILIATES, SUPPLIERS AND LICENSORS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS SITE, SUCH PRODUCTS AND SERVICES AND SUCH INFORMATION, CONTENT, DOCUMENTS, AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

© 2024, Autodesk, Inc.

X

Report a security incident

Autodesk is dedicated to addressing security issues involving Autodesk products and services. Please use this form to report information and product security incidents, vulnerability escalations, privacy or compliance concerns so we can continue to protect the interests of our users and the integrity of our services.

FIRST NAME*

LAST NAME*

E-MAIL ADDRESS*
DESCRIPTION


Note: You will receive confirmation of your submission via email. You will not be subscribed to any mailing lists and your information will not be shared by Autodesk outside of this submission.