
Cybersecurity Awareness Firm KnowBe4 Hired a North Korean Hacker

In an unexpected and alarming incident, KnowBe4, a well-known cybersecurity awareness training company, discovered they had unknowingly hired a North Korean hacker. This incident not only highlights the sophisticated tactics used by state-sponsored cybercriminals but also serves as a stark reminder that no organization is immune to such threats, especially when faced with deceptive scams like fake resumes and fraudulent hiring processes.

The Discovery

KnowBe4 onboarded a new employee who had seemingly passed all standard hiring protocols. This included job postings, interviews, and reference checks.  

On July 15, 2024, KnowBe4’s SOC (Security Operations Center) was alerted to a series of unusual actions on the employee’s device. Essentially, from the moment the laptop was received, it began trying to upload malware to KnowBe4’s systems via a Raspberry Pi and VPN.

Immediate Response and Containment

As the investigation intensified, the employee became increasingly unresponsive, eventually ceasing all communication. The SOC team remotely contained the device, preventing any further potential damage to KnowBe4’s internal systems.

Thankfully, KnowBe4 allegedly puts all new hires into a Sandbox environment before allowing them access to full systems. This precaution helped prevent the attack from succeeding.

Working closely with the FBI and Google’s security division, KnowBe4 confirmed the new hire was, in fact, a North Korean hacker.

The hacker had utilized advanced tactics such as an AI-generated deepfake profile image and a stolen U.S. identity to successfully infiltrate the company.

Left: Real. Right: AI-enhanced deepfake profile image submitted to KnowBe4 HR. Picture source: KnowBe4

Threat Landscape

KnowBe4’s founder and CEO, Stu Sjouwerman, emphasized the need for enhanced vetting processes, continuous security monitoring, and better coordination between HR, IT, and security teams.

The company’s rapid detection and containment of the breach can be attributed to their proactive security measures, such as sandbox controls for new employees.

To mitigate similar risks, organizations should consider implementing the following measures:

Key Takeaways

  • Enhanced Background Checks: Ensure thorough and consistent verification of personal details. 
  • Video Interviews: Conduct face-to-face interviews to verify identities. 
  • Detailed Resume Scanning: Scrutinize resumes for inconsistencies and gaps. 
  • Continuous Monitoring: Implement ongoing monitoring of employee activities, especially for new hires. 
  • Red Flag Detection: Address discrepancies in personal information and work patterns promptly. 

Strengthening Security Posture

In response to this incident, KnowBe4 has introduced several process improvements: 

  • Improved Background Checks: More rigorous and detailed checks on new hires. 
  • Stronger Reference Verification: Avoiding reliance solely on email references. 
  • Enhanced Monitoring: Increased monitoring for unusual access attempts. 
  • Tighter Access Controls: Reviewing and strengthening authentication processes. 
  • Security Training: Educating employees on recognizing and responding to social engineering and advanced persistent threats. 

Source: KnowBe4

To circle back as well, KnowBe4’s use of a sandbox environment is something that other businesses can consider. While CEOs themselves might not be able to set this up, it’s encouraged to discuss the option with your IT and/or cybersecurity provider, who may be able to implement a virtual solution as yet another piece of your cybersecurity safety stack.

Final Thoughts

The KnowBe4 incident is a critical reminder of the evolving nature of cyber threats and the importance of robust security measures. This incident underscores a fundamental truth in today’s digital age: anyone can be a target. Therefore, everyone, especially businesses, must remain vigilant, continually refining their defenses against the ever-present and evolving threat of cybercrime.

Walter-Contreras