In a startling turn of events, KnowBe4, a leading cybersecurity awareness training company, recently uncovered an elaborate scam when it unwittingly hired a North Korean spy.
This incident has sent shockwaves through the business community, highlighting the growing risks associated with remote hiring practices in an increasingly digital world.
The incident occurred in July when the cybersecurity firm’s US branch hired what appeared to be a qualified candidate for a remote position. Despite rigorous background checks and video interviews, the fraudster infiltrated the company by leveraging a stolen US identity.
Using a virtual private network (VPN) and logging in at night from wherever he physically was (either China or North Korea), the imposter convincingly portrayed themselves as working from the United States.
“Technology is making it easier for bad actors to infiltrate your organisation. They use sophisticated strategies helped by artificial intelligence (AI) to create fake, but believable identities which get them hired and then use proxies in country to gain access to the company’s IT systems,” Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA said.
KnowBe4 uncovered the deception when the company-provided laptop immediately began downloading malware upon first use. KnowBe4’s security measures detected the attempted attack early, and they prevented any data compromise. The incident has raised serious concerns about the vulnerabilities in remote hiring processes, even for companies specialising in cybersecurity.
“For a cybersecurity company like us to get caught with egg on our face was a big wake-up call,” admits Collard. “We could have kept quiet, but instead we shared our story hoping other organisations could learn from it.”
As a result, KnowBe4 implemented several process changes to catch this kind of incident earlier. “For example, in the US, we will only ship new employee workstations to a nearby UPS shop and require a picture ID,” she says.
Red flags and safeguards
Because of sophisticated technology, it’s difficult for companies who are hiring to distinguish between who is real and who is fake. “Some methods fraudsters use include fake identities and relying on AI images to evade detection. Their motive is usually to gain access to sensitive company data, either for financial gain or to support the North Korean regime.”
Despite what they are up against, organisations can still outfox these fraudsters, provided the right HR measures are in place.
- •Inconsistent CV details: Look for discrepancies in birth dates or unexplained gaps in employment history.
- •Reference checks: Go beyond email verifications; conduct phone calls to confirm references.
- •Overqualification: Be wary of candidates who seem overqualified for the role, as this may be a tactic to avoid scrutiny.
- •Camera avoidance: Candidates refusing to appear on camera during interviews should raise suspicion.
- •Digital footprint: Conduct thorough background checks, including social media analysis. A “digital ghost” with no online presence is a red flag.
- •Multi-Factor Authentication (MFA): Implement MFA from day one, using hardware tokens sent to verified addresses.
- •Secure devices: Provide pre-configured, secure devices to new hires, restricting access to sensitive information until trust is established. Also scan your remote devices to make sure they have not been compromised.
- •Limit access: New employees should only be able to access a minimal number of necessary apps to go through the new employee training, and their workstations should be locked down with no data residing on them, except for the company’s endpoint security and management tools.
Conclusion
The KnowBe4 incident serves as a stark reminder of the growing challenges in remote hiring and cybersecurity. As organisations continue to adapt to a global workforce, the need for robust security measures has never been more critical.
“Your HR and IT processes need to work in tandem and be watertight when recruiting,” concludes Collard. “By adopting stringent security practices and remaining vigilant, companies can mitigate the risks associated with remote hiring and protect themselves from sophisticated scams.”
This wake-up call underscores the importance of continuous improvement in security protocols, even for industry leaders. “As the digital landscape evolves, so too must our approach to safeguarding our organisations against increasingly cunning threats.”
