KnowBe4 Insider Threat By A North Korean IT Worker Using Stolen Identity

In a blog post published on Tuesday, July 23, 2024, Stu Sjouwerman, Founder and CEO of KnowBe4, Inc., shared an incident report summary revealing an insider threat: a North Korean IT worker used a valid but stolen US-based identity to apply as a software engineer for the company's internal IT AI team. Sjouwerman said, “KnowBe4 needed a software engineer for our internal IT AI team. We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person. We sent them their Mac workstation, and the moment it was received, it immediately started to load malware.” He further stated, “The EDR software detected it and alerted our InfoSec Security Operations Center.”

Sjouwerman revealed that suspicious activity was found on the account of the new Principal Software Engineer on July 15, 2024. The employee claimed to be fixing a router issue, but further investigation showed manipulation of session history files, transfer of harmful files, and unauthorized software execution using a Raspberry Pi over a period of about 25 minutes. The employee stopped responding, and the device was isolated. The report also described a scam in which fake workers in North Korea or China use VPNs to work night shifts that imitate US daytime hours, sending part of their earnings to support North Korea’s illegal activities. The company’s controls caught the activity, underscoring the need to place new hires in highly restricted areas with no access to production systems.
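Two of the behaviours the report lists, tampering with session history files and running software from a location a workstation baseline would not allow, are the kind of thing a SOC can flag from endpoint command telemetry. The script below is an added illustration written for this summary, not KnowBe4's detection logic or telemetry; the log format, user name, paths and every sample line are constructed for the example.

```python
"""Toy detection pass over constructed endpoint command logs.

Flags shell-history tampering and execution from untrusted directories.
The log format ("<timestamp> <user> <cwd> <command line>") and all sample
lines are constructed for this example; they are not real telemetry.
"""
import re
from dataclasses import dataclass

# Constructed sample log; the user "jdoe" and all paths are invented.
SAMPLE_LOG = """\
2024-07-15T20:01:12Z jdoe /Users/jdoe ls -la
2024-07-15T20:03:44Z jdoe /Users/jdoe unset HISTFILE
2024-07-15T20:04:02Z jdoe /Users/jdoe history -c
2024-07-15T20:05:10Z jdoe /Users/jdoe rm ~/.zsh_history
2024-07-15T20:06:30Z jdoe /Users/jdoe /tmp/.x/loader --quiet
2024-07-15T20:07:01Z jdoe /Users/jdoe git status
2024-07-15T20:08:15Z jdoe /Users/jdoe sed -i '' '/curl/d' ~/.bash_history
"""

HISTORY_FILES = (".bash_history", ".zsh_history", ".sh_history")
_HIST_ALT = "|".join(map(re.escape, HISTORY_FILES))

# Patterns that disable, clear, delete or edit shell history.
HISTORY_TAMPER = [
    re.compile(r"\bunset\s+HISTFILE\b"),
    re.compile(r"\bexport\s+HISTFILE=/dev/null\b"),
    re.compile(r"\bhistory\s+-c\b"),
    re.compile(r"\b(rm|truncate|shred|sed)\b.*(" + _HIST_ALT + r")"),
    re.compile(r">\s*~?/?[^ ]*(" + _HIST_ALT + r")\s*$"),
]

# Directories a hardened workstation baseline would not allow executables to run from.
UNTRUSTED_EXEC_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/private/tmp/")

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")


@dataclass
class Finding:
    timestamp: str
    user: str
    rule: str
    command: str


def parse_line(line):
    """Split one log line into (timestamp, user, cwd, command) or None."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None


def classify(command):
    """Return the name of the rule a command trips, or None if it is benign."""
    for pat in HISTORY_TAMPER:
        if pat.search(command):
            return "history_tamper"
    parts = command.split()
    argv0 = parts[0] if parts else ""
    if argv0.startswith(UNTRUSTED_EXEC_DIRS):
        return "untrusted_exec"
    return None


def scan(log_text):
    """Run every rule over every line and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        ts, user, _cwd, cmd = parsed
        rule = classify(cmd)
        if rule:
            findings.append(Finding(ts, user, rule, cmd))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.timestamp} {f.user} {f.rule}: {f.command}")
```

On the constructed sample the scan yields five findings: four history-tampering commands and one execution from `/tmp`. In practice these rules would sit on top of EDR command-line telemetry and be tuned against the organisation's own baseline; a burst of history edits from a newly provisioned account is exactly the kind of signal the report describes the SOC catching.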

Sjouwerman emphasizes this in his post: “No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems. This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing with you. If it can happen to us, it can happen to almost anyone. Don’t let it happen to you.”

This incident is therefore a wake-up call for businesses to reassess their cyber security strategies, especially identity verification, insider threat management, and the role of AI in both attacks and defenses. It also highlights the importance of quick response and collaboration in mitigating such threats. As the saying goes, “Forewarned is forearmed.” AI technology has brought a new wave of potential threats that businesses need to be aware of. Sophisticated security systems may not be enough when dealing with state-sponsored actors who have access to advanced technologies like AI, and this incident shows the lengths to which these actors will go to infiltrate businesses, even using AI to create convincing fake identities. Vigilance is the key: businesses must continually reassess their security protocols, stay current on cyber security trends, and be prepared to adapt their strategies as needed.

#CyTech #CyberNews #CyberSecurity #CISO #CISOWorkplace #KnowBe4
