Farshad Bidram’s Post

It’s astonishing how TAs are leveraging AI for cyber attacks.

Two shocking cybersecurity stories that highlight the importance of rigorous hiring practices and employee verification, as well as the dangers of AI used to mask a threat actors identity! Firstly, a US laptop farm used by undercover North Korean IT workers has been dismantled by law enforcement. This operation was designed to steal sensitive data and intellectual property from American companies. And secondly, KnowBe4, a leading provider of security awareness and training, recently hired a software engineer for its team who turned out to be a North Korean threat actor! The employee, referred to as "XXXX," went through four video-conference interviews, passed standard pre-hiring background checks, and even verified his photo (which was actually AI-enhanced). Yet, once he received his company-issued Mac workstation, it immediately began loading malware. This is a wake-up call for all of us in the cybersecurity industry. We must be vigilant and ensure that our hiring processes are robust and thorough to prevent insider threats. Remember, even the most qualified candidates can have hidden agendas. Stay secure, everyone! https://lnkd.in/eNsiecCH https://lnkd.in/eGmjKixp #Cybersecurity #ITsecurity #infosec #hacking #threatintelligence #insidethreats #securityawareness

Safeguarding Job Markets: Tackling Identity Misuse in Cybersecurity Recruitment The recent disclosure by the U.S. Justice Department unveils a complex operation involving identity misuse within the U.S. job market, led by American and North Korean nationals. This scenario is a stark reminder of the vulnerabilities in remote hiring processes. As highlighted in Krakenio's detailed analysis, similar tactics have been employed to infiltrate U.S. businesses, demonstrating sophisticated methods by foreign entities. Understanding these risks is crucial, especially with rising incidents like the inadvertent hiring of a North Korean hacker by cybersecurity firm KnowBe4, which mimicked legitimate employee credentials to breach system security. #CyberSecurity #JobMarketSafety #IdentityTheft #RemoteWorkRisks #KrakenioAnalysis https://lnkd.in/eBiwxfX8

How a North Korean Fake IT Worker Tried to Infiltrate Us July 23, 2024, KnowBe4 https://lnkd.in/griTD9Mm First of all: No illegal access was gained, and no data was lost or compromised on any KnowBe4 systems. Our HR team conducted four video conference based interviews on separate occasions, confirming the individual matched the photo provided on their application. Additionally, a background check and all other standard pre-hiring checks were performed and came back clear due to the stolen identity being used. This was a real person using a valid but stolen US-based identity. The picture was AI “enhanced”. We sent them their Mac workstation, and the moment it was received, it immediately started to load malware. SUMMARY: This report covers the investigation of Employee ID: XXXX hired as a Principal Software Engineer. On July 15, 2024, a series of suspicious activities were detected on that user account. Based on the SOC teams evaluation of the activities it was found this may have been intentional by the user and suspected he may be an Insider Threat/Nation State Actor. Upon initial investigation and containment of host, a more detailed inquiry into the new hire took place.

Ok, this made me jump. - Job posting/hiring: #KnowBe4 posted a job for a software engineer. After a thorough interview and background check, they hired an individual using a stolen #identity. - Suspicious activity: The new hire's mac workstation installed #malware upon receipt. - Internal investigation: KnowBe4's #SOC detected the issue, reached out to the new hire, and involved #cybersecurity experts (#Mandiant) and the #FBI. The individual was identified as a #NorthKorean operative using an AI-enhanced fake identity. The investigation is ongoing. WTF. Here the link: https://lnkd.in/eTiqdmMh

How a North Korean Spy Almost Infiltrated KnowBe4! I came across an interesting case at KnowBe4  Here’s a quick summary: KnowBe4 hired a software engineer for their IT AI team. They did everything right: • video interviews • background checks, and reference verification. But, when the new hire got their workstation, it started loading malware right away. KnowBe4’s EDR software flagged the suspicious activity, and their SOC team quickly intervened. They discovered the new hire used a stolen identity and an AI-enhanced photo. The person was actually operating from North Korea. I strongly recommend reading the entire report. You can find the link in the comments section. #CyberSecurity #InsiderThreat #ITSecurity #SecurityAwareness

Fokes, remember to whatever you do. Document it! Besides doing this on my Cyber Security projects I realised I have made that mistake and did not document my actual process of applying for jobs. I was amazed by this guy, he made a sheet and knew exact number of a role he applied for, which got him a job. I think it is important as our memory do not have Yotabytes of space. Giga Byte ->Tera Byte -> Peta Byte -> EXA Byte -> Zetta Byte -> Yotta Byte Which is a lot! Here is a video of amazing progress this guy made in no less than 6 months https://lnkd.in/er-z8MXZ #cybersecurity #documentation #projects #jobhunt #breakintotech #socanalyst Josh Madakor

Good morning #simplycybercommunitychallenge participants! I’m Tony. I’ve been listening to Simply Cyber for some time now, but today was the first day I jumped in on chat. I’m excited to become more involved in this great community! My cybersecurity experience began as a young Police Officer assigned to assist in the network administration of the department I was working for. I was selected for this simply because I was somewhat familiar with computers in a time and place where everyone didn’t have that familiarity. I started educating myself and figuring out how to make our network more effective on a minimal budget. This included helpdesk-like support for the department, user training, learning how to install and repair hardware, installing and managing network infrastructure, software evaluations and selection, and everything else you can think of in an office with over thirty users and a total budget of twenty-five hours of external IT support a year. I also educated myself in the early stages of digital forensics. This was useful for many investigations, especially when I was a Detective assigned to managing registered sex offenders. In 2013, I finally began formalizing my education by pursuing a master’s degree in cybersecurity from Utica University. I received my degree, with a concentration in digital forensics, in 2015.  Later in 2015, I retired from the police department as Captain of Detectives to be a stay-at-home dad to our newborn daughter. I continued IT consulting with the department as a civilian and pursued some other IT consulting opportunities. But, I mostly focused on being a dad. I intended to pivot to a cybersecurity role when my daughter started school. In 2019, I was unexpectedly invited back to the police department to fill a Captain of Operations role. In 2020, I became Chief of the department. This sidelined my cybersecurity pursuits until I retired again at the end of 2022. I then began pursuing various cybersecurity roles and eventually connected with Kevin Connolly at Capital Investigations Group, LLC. This is a private investigation firm that provides investigative services to attorneys. Capital Investigations Group, LLC has a full suite of digital forensic tools to assist in the investigative services we provide, so it was a great fit for me. I’m getting to refresh and develop my digital investigative skills, leverage my other investigative skills, and learn from great practitioners like Frank Risler, MPA, CPP, CFE and Peter Kozel along with other highly skilled investigators.           Watching #SimplyCyber provides me with awareness of current events, gives me ideas for investigative avenues, and has provided great resources to continue refreshing my skills. I look forward to connecting with other #SimplyCyber fans to give and receive even more assistance. I am grateful to 👉🏼 Gerald Auger, Ph.D. for such an amazing resource!             Thanks for your time! I look forward to connecting!  

This is a wild story during the crazy times we are in. “TLDR: KnowBe4 needed a software engineer for our internal IT AI team. We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person. Our HR team conducted four video conference based interviews on separate occasions, confirming the individual matched the photo provided on their application. Additionally, a background check and all other standard pre-hiring checks were performed and came back clear due to the stolen identity being used. This was a real person using a valid but stolen US-based identity. The picture was AI "enhanced ". We sent them their Mac workstation, and the moment it was received, it immediately started to load malware. The EDR software detected it and alerted our InfoSec Security Operations Center. The SOC called the new hire and asked if they could help. That's when it got dodgy fast. We shared the collected data with Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings. It turns out this was a fake IT worker from North Korea. The picture you see is an AI fake that started out with stock photography (below).” #dlp #cybersecurity #humanresources #EDR