It might seem like something out of a movie: a crafty hacker tricks a well-known cybersecurity firm into hiring them, with the intent of distributing malware on its systems. This isn't a Hollywood flick, however; it's real life.
In a recent incident, KnowBe4, a well-known cybersecurity company, unknowingly hired a North Korean hacker posing as an IT worker. The individual was able to pass through the company’s hiring process and was granted limited access to their systems. The hacker’s intention was to load malware onto the company’s network, which could have led to significant security breaches.
The hacker was able to pass a background check by using the stolen identity of a real US citizen. By itself, this doesn't seem like such a big deal, as millions of stolen identities are floating around. Where things get crazy, however, is that the attacker used AI-enhanced photo and video to conduct four separate interviews with the company before being hired, and nobody caught on.
Fortunately, no sensitive data was compromised and the hacker was stopped before they could gain access or cause any harm to the company’s systems. KnowBe4 has since brought in the FBI, as well as other top cybersecurity firms, to assist in an effort to prevent this from happening to them again.
This incident underscores the growing threat of deepfake technology in cybersecurity and the importance of implementing a robust verification process during hiring. Companies need to be aware of these advanced tactics and continuously update their security measures to prevent similar breaches.
Preventing These Attacks from Happening to You
To prevent incidents like this, companies can implement several key strategies:
- Thorough Background Checks/Vetting: Conducting comprehensive background checks on all potential hires is a must in today's world. Unfortunately, as seen here, it's often not enough to run a name and get back a clean record. Dig deeper, verify that everything lines up the way it should, and question everything. Things like mismatched addresses or phone numbers can be a tip-off that something isn't right.
- Conduct Interviews In-Person: Sometimes the old ways are best. It's hard to deepfake an interview when you have to be there in person for it. If you and the interviewer have the ability to do so, conduct at least one interview in person and verify that the candidate matches their photo (or, better yet, if you've conducted a web interview prior, that they match a screenshot from that interview).
- Know What to Look for in Virtual Interviews: If you can't perform an in-person interview (we get it, modern workforce), there are some tell-tale signs you can look for to tell whether the person you're interviewing may be using deepfake technology. Signs can include strange eye reflections, a lack of proper shadows for the lighting involved, and even a seeming lack of coherence from the interviewee.
- Access Control Measures: Limit access to sensitive information based on the principle of least privilege. Only employees who need access to certain data to perform their job should have it. Regularly review and update access permissions to ensure they are still appropriate. In addition to this, consider implementing a "ramp up" access policy for new hires which provides them with minimal access on their first day and gradually unlocks more access the longer they're employed. Doing this helped KnowBe4 avoid having a problem turn into a disaster.
- Continuous Monitoring: Implement continuous monitoring of employee activities, especially for new hires. Use advanced security tools and services like SOC and SIEM that can detect unusual behavior and alert to potential threats. This also helped save KnowBe4's bacon by giving them an early warning that something bad was happening.
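
The "ramp up" access policy and the new-hire monitoring described above can be combined in one default-deny check. The following is an added example, not KnowBe4's implementation or code from the original article; the resource tiers, role names, day thresholds and alert threshold are all hypothetical values chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical tiers: resource class -> days employed before access unlocks.
RAMP_UP_DAYS = {"onboarding": 0, "team_wiki": 0, "source_code": 14,
                "prod_read": 45, "prod_admin": 90}

# Hypothetical least-privilege entitlements: the most a role may ever hold.
ROLE_ENTITLEMENTS = {
    "software_engineer": {"onboarding", "team_wiki", "source_code", "prod_read"},
    "sre": set(RAMP_UP_DAYS),
}

@dataclass(frozen=True)
class Employee:
    name: str
    role: str
    start_date: date

def decide(emp, resource, today):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    if resource not in RAMP_UP_DAYS:
        return False, "unknown_resource"
    if resource not in ROLE_ENTITLEMENTS.get(emp.role, set()):
        return False, "not_in_role"        # least privilege: role never gets it
    days = (today - emp.start_date).days
    if days < 0:
        return False, "before_start_date"  # account exists but hire not started
    if days < RAMP_UP_DAYS[resource]:
        return False, "tenure_gate"        # ramp-up: not employed long enough
    return True, "ok"

def review_requests(emp, requests, today, alert_threshold=2):
    """Evaluate a batch of access requests and flag repeated denials.

    A new hire probing resources beyond their tier is the kind of early
    signal continuous monitoring should surface for review.
    """
    denied = []
    for resource in requests:
        allowed, reason = decide(emp, resource, today)
        if not allowed:
            denied.append((resource, reason))
    return {"denied": denied, "alert": len(denied) >= alert_threshold}
```

In practice the denial records would be forwarded to the SIEM rather than returned to the caller, so that the alert is raised by the monitoring team's tooling.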