Security awareness and training provider KnowBe4 recently disclosed that it inadvertently hired a fake North Korean IT worker who attempted to install malware on a company-issued computer.
The incident highlights the growing sophistication of cybercriminals and the challenges organizations face in vetting remote employees.
According to KnowBe4 CEO Stu Sjouwerman, the company’s HR team conducted four video interviews with the candidate, performed background checks, and verified references before hiring.
The applicant used a stolen US-based identity and an AI-enhanced stock photo to create a convincing fake persona.
The deception was uncovered when KnowBe4 sent the new hire a Mac workstation. Upon receiving the device, the individual immediately attempted to load malware onto it.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
Fortunately, KnowBe4’s endpoint detection and response (EDR) software detected the suspicious activity and alerted the company’s Security Operations Center (SOC).
When contacted by the SOC, the fake employee claimed to be troubleshooting a router issue.
However, further investigation revealed that the attacker had manipulated session history files, transferred potentially harmful files, and executed unauthorized software. The company quickly contained the device and terminated access.
KnowBe4 believes this incident is part of a larger scam where North Korean operatives pose as IT workers to infiltrate companies, perform legitimate work, and funnel a portion of their earnings back to the North Korean regime.
The company has shared its findings with cybersecurity firm Mandiant and the FBI. Importantly, KnowBe4 stated that no illegal access was gained, and no data was lost or compromised on any of its systems.
This incident is a stark reminder of the evolving threats in cybersecurity and the importance of robust vetting processes for remote workers.
KnowBe4 Recommended Security Measures:
- Enhance remote device scanning and monitoring
- Improve vetting processes to verify candidates’ physical locations
- Conduct more thorough resume and career consistency checks
- Implement video interviews with detailed work-related questions
As organizations embrace remote work, it’s crucial to adapt hiring and security practices to address these emerging risks.
This case underscores the need for ongoing vigilance and collaboration between HR, IT, and security teams to protect against sophisticated cyber threats.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo