Every $2 will be transferred to the Ukrainian Volunteers Fund. Do not remain indifferent, support Ukraine!

Corporate security in the 3D segment. Part 2.


Author MastaMan
Updated on August 8, 2022
English and Русский

Index

Introduction

In the last part of the article, we touched on the topic of risks, but did not describe in detail their component. The 3D industry, due to its specifics, is mainly subject to information security risks. There are internal and external factors, let's look at them in more detail...


Back to article "Corporate security in the 3D segment. Part 1."

Threats

Internal Threats

Internal threats are everything that happens inside the company. These are the knowing or unconscious actions of employees that can cause damage, affect the leakage of information or undermine the reputation of your business.


An example of an internal threat (based on real events):

These are disgruntled or fired employees. You need to understand that the employee has certain knowledge and information about your structure and organization of the company.

So, one employee fired on unfavorable terms, implemented a PHP script that gives full access to the server where important information was stored.

With the help of such a script from the Active Collab system, information about clients was obtained, and the server where the project files were stored was disabled.

Taking advantage of the situation when the company was unable to restore work in time to hand over the project, the fired employee stole several clients.

External Threats

External threats are various kinds of viruses, hacker attacks, backdoors in hacked versions of popular plugins, etc.


As mentioned in the last part of the article, 3Ds Max is a big window of opportunity for hackers. Since 3Ds Max is a multifunctional software that allows you to execute almost arbitrary code in its environment, and this environment is in no way isolated from the Operating System (OS).


A short list of dangerous features in 3Ds Max:

  • Write/Read files
  • Connect to Internet resources
  • Download files over the Internet
  • Edit the registry
  • Run third-party DLLs
  • Run DOS commands
  • Execute DotNet and WinAPI
  • Execute VB Script
  • Access sendMessage for programmatic button presses
  • Reading the Clipboard
  • Getting information about the system (CPU, GPU, RAM, HDD)
  • Writing to Windows environment variables
  • Accessing files on the local network
  • And more
These features provide developers with a versatile way to write their own scripts and plugins, which can be a great help in their work. But also, these features can be used by attackers.

Even if you have the ultimate Antivirus and a good Firewall, this will not protect against script viruses and threats that are distributed under 3Ds Max. The fact is that no antivirus is able to detect a malicious script or plugin or unauthorized code execution in 3Ds Max.


Protection against such threats should be present in 3Ds Max itself, and the more search signatures, the better.


In the last part, we wrote about Autodesk Security Tools, about its pros and cons. This is one of the options for protection. It is much better if you add Prune Scene in addition, which has more signatures to search for threats and anomalous code, which will significantly increase the chances of finding them.


Prune Scene


It is active protection that will help close this gap in 3Ds Max and ensure the integrity of your data.

An example of an external threat (based on real events):

An employee downloads and installs a plug-in from an unverified resource - a hacked Project Manager, for free use. Naturally, this process is not controlled by anyone.

After some time, it turns out that the hacked Project Manager encrypts all *.max files and it is impossible to open any scene without it. And of course, the plugin does not work until payment is made to the attacker's wallet.

What is most interesting, the ransom was more than buying the official license on the official k-studio website.


As it was later found out, the attackers distributed a modified version of Project Manager under the guise of freeware.

An article about the prevention of such a threat was released the next day, after one of the employees of this company wrote to me in the mail. Thanks to this article, it was possible to inform the 3D community in time.


⚠️⚠️⚠️ATTENTION❗❗❗ The new virus in the cracked version of Project Manager (3Ds Max)


This is one of the few examples that I know of. If you are interested in such stories, write about it, I will definitely make a separate article.

Elementary safety rules

  • Employees must sign a non-disclosure document
  • Write down the rules of the workplace, for example, no leaflets with passwords glued to the monitor, logging into Windows only with a password, etc…
  • Require employees to switch to Lock Screen mode, even if they are away from their work computer for a short time
  • Do not use "flash drives", especially those found under the office doors
  • Use of corporate mail only for its intended purpose
  • Timely software update
  • Separate servers or access rights for storing files (data) for different departments
  • Mandatory installed antivirus on the workstation, for example ESET NOD 32
  • Mandatory enabled active protection for 3Ds Max, it can be Autodesk Security Tools, but better Prune Scene or both
  • Do not open questionable attachments, especially programs that come in emails
  • Do not download software from unverified sources, and even better, switch to licensed software as much as possible
  • Download 3Ds Max scripts from scriptspot.com or official developer sites
  • Prevent employees from installing anything, such as games (does not apply to Steam)
  • Download 3D models only from verified 3D stocks, which in turn check each model using Prune Scene, an example of such the Great Catalog stock
  • From time to time check *.max files for script viruses on your computer or network using the Selective Scan tool in Prune Scene, which allows you to quickly and without opening the scene to determine where the virus is located in a matter of minutes
  • The request “Resave the model under 3Ds Max version below” should not go beyond the company, for example, they often turn to forums or Telegram channels where there may be users with infected 3Ds Max
  • Require employees not to share *.max files outside the corporate network with people who do not have protection against script viruses
  • 3Ds Max *.max files sent via mail, file hosting or your CRM, be sure to check through Selective Scan in Prune Scene before launching
  • Transfer the responsibility for installing and configuring software to administrators

Conclusion

The importance of corporate security is very important, both for large companies and for small ones. Employee awareness can help you retain customers, avoid industrial espionage, identity theft, or workflow shutdowns.

By following simple rules and taking into account that you need a separate protection for 3Ds Max like Prune Scene, you can significantly minimize risks.

The digital world has become much more complex and it is necessary to keep up with the times, rely on chance - this means losing reputation and customer trust.


Back to article "Corporate security in the 3D segment. Part 1."


{{commentsMsg}}
  

No one has posted a comment yet
{{comment.lastname}} {{comment.name}} {{comment.date}}
{{comment.text}}


SUBSCRIBE TO OUR NEWSLETTER

{{subscribeMsg}}