Frequently Asked Questions About KnowBe4's Fake IT Worker Blog
On July 23, 2024, I wrote a blog post about how KnowBe4 inadvertently hired a skillful North Korean IT worker who used the stolen identity of a US citizen. He participated in several rounds of video interviews and circumvented the background check processes commonly used.
The intent was to share an organizational learning moment, so you can make sure this doesn't happen to you. The story went viral, which is exactly what I had hoped for. Do we have egg on our face? Yes. And I'm sharing that lesson with you. It is why I started KnowBe4 in 2010. In 2024 our mission is more important than ever.
Q1:
Was any KnowBe4 system breached in this North Korean IT worker incident?
No.
KnowBe4 was not breached. When we hire new employees, their user account is granted only limited permissions that allow them to proceed through our new hire onboarding process and training. They can access only a minimal number of necessary apps to go through our new employee training.
Q2:
What access do new employees get?
These are apps such as their email inbox, Slack, and Zoom. The workstation they receive is locked down and has no data residing on it; it is essentially a laptop with nothing on it except our endpoint security and management tools.
Q3:
Did the new employee get access to customer data?
No. This person never had access to any customer data, KnowBe4's private networks, cloud infrastructure, code, or any KnowBe4 confidential information. They had basic communication apps and a factory-new provisioned laptop. We detected suspicious activity and responded within minutes, quarantining the entire laptop.
Q4:
Was any malware executed on the machine?
No.
No malware was executed on the machine because it was blocked by our security tooling. A complete review of all processes, commands, network connections, and other activity on the laptop was conducted, and we concluded that no further action was needed as there was no suspicious activity outside of what was detected and blocked.
Q5:
What access did this worker have on his workstation that could have compromised customer data or perhaps used the simulated phishing platform?
There was nothing provided on the laptop. All of KnowBe4's data is stored in the cloud, and a review of this person's user account determined they did not access anything other than their own email inbox. We provision access to our KnowBe4 platform through Okta. New hires are not granted access to the KnowBe4 platform until after completion of their onboarding, which this person had not completed, and therefore never had access to the platform.
Q6:
Why would someone hired as a software developer try to load malware on their new machine?
We can only guess, but the malware was an infostealer targeting data stored on web browsers, and perhaps he hoped to extract information left on the computer before it was commissioned to him.
Q7:
How did this bad actor pass your hiring process?
This was a skillful North Korean IT worker, supported by a state-backed criminal infrastructure, using the stolen identity of a US citizen, who participated in several rounds of video interviews and circumvented background check processes commonly used by companies.
Q8:
The press made it sound like a data breach disclosure. Was it?
No. It was a Public Service Announcement. We could have kept quiet while wiping the egg off our face. However, our mission is to make the world aware of cybercrime. If something like this can happen to us, it can happen to almost anyone. The blog post was meant to warn organizations about this particular danger. It looks like we have succeeded.
Q9:
Has KnowBe4 changed their hiring process?
You bet we have! Several process changes have been made so that this kind of thing will be caught earlier. One example is that in the US we will only ship new employee workstations to a nearby UPS store and require a picture ID.
Q10:
How can I learn more about this particular risk?
At the end of the blog post, we link to a podcast from Mandiant where they go in depth about this particular danger. I strongly recommend you listen to it.
Where was this covered in the press?
- MSN (syndicated from PCMag): Security Firm Discovers Remote Worker Is Really a North Korean Hacker
- The Cyber Express: KnowBe4 Uncovers Fake Employee: How a North Korean Hacker Was Hired into the Workforce