North Korean Fake IT Worker FAQ

Frequently Asked Questions About KnowBe4's Fake IT Worker Blog
 
On July 23, 2024, I wrote a blog post about how KnowBe4 inadvertently hired a skillful North Korean IT worker who used the stolen identity of a US citizen. He participated in several rounds of video interviews and circumvented commonly used background check processes. Updated 7/27/2024
 
The intent was to share an organizational learning moment, so you can make sure this doesn't happen to you. The story went viral, which is exactly what I had hoped for, but the press coverage was uneven. Do we have egg on our face? Yes. And I'm sharing that lesson with you. It is why I started KnowBe4 in 2010. In 2024 our mission is more important than ever.
 
Q1:
Was any KnowBe4 system breached in this North Korean IT worker incident?
No.
KnowBe4 was not breached. When we hire new employees, their user account is granted only limited permissions that allow them to proceed through our new hire onboarding process and training. They can access only a minimal number of essential apps needed to go through our new employee training.

 
Q2:
What access do new employees get?
These are apps such as their email inbox, Slack, and Zoom. The workstation they receive is locked down and has no data residing on it; it is essentially a laptop with nothing on it except our endpoint security and management tools.

 
Q3:
Did the new employee get access to customer data?
No. This person never had access to any customer data, KnowBe4's private networks, cloud infrastructure, code, or any KnowBe4 confidential information. They had basic communication apps and a factory-new provisioned laptop. We detected suspicious activity and responded within minutes, quarantining the entire laptop.
 
Q4:
Was any malware executed on the machine?
No.
No malware was executed on the machine because it was blocked by our security tooling. A complete review of all processes, commands, network connections, and other activity on the laptop was performed, and we concluded that no further action was needed as there was no suspicious activity beyond what was detected and blocked.
 
Q5:
What access did this worker have on his workstation that could have compromised customer data or perhaps used the simulated phishing platform?
There was nothing provided on the laptop. All KnowBe4 data is kept in the cloud, and a review of this person's user account determined they did not access anything other than their own email inbox. We provision access to our KnowBe4 platform through Okta. New hires are not granted access to the KnowBe4 platform until after completion of their onboarding, which this person had not completed, and therefore he never had access to the platform.
 
Q6:
Why would someone hired as a software developer try to load malware on their new machine?
We can only guess, but the malware was an infostealer targeting data stored in web browsers, and perhaps he hoped to extract information left on the computer before it was commissioned to him.
 

Q7:
How did this bad actor pass your hiring process?
This was a skillful North Korean IT worker, supported by a state-backed criminal infrastructure, using the stolen identity of a US citizen, participating in several rounds of video interviews and circumventing background check processes commonly used by companies.
 
Q8:
The press made it sound like a data breach disclosure. Was it?
No. It was a Public Service Announcement. We could have kept quiet while wiping the egg off our face. However, our mission is to make the world aware of cybercrime. If something like this can happen to us, it can happen to almost anybody. The blog post was meant to warn organizations about this particular danger. It looks like we have succeeded.
 
Q9:
Has KnowBe4 changed its hiring process?
You bet we have! Several process changes have been made so that this kind of thing will be caught earlier. One example is that in the US we will only ship new employee workstations to a nearby UPS store and require a photo ID for pickup.
 
Q10:
How can I learn more about this particular risk?
At the end of the blog post, we link to a podcast from Mandiant where they go in depth about this particular danger. I strongly recommend you listen to it. The U.S. Government is aware of this threat and has been warning against it since 2022.
Here is the link!
 
Q11:
How has the press been covering this?

Unevenly. Many technical media outlets were cool, calm and collected, considered this an important cautionary tale, and appreciated our transparency. Other outlets took the "If it bleeds, it leads" sensational angle. They turned it into "data breach" clickbait and only casually mentioned at the end that no harm was done.
 
Here is a fun exercise. Look at the coverage and see who got it right. Draw your own conclusions.
 