One Article Review

The article:
Source knowbe4
Identifier 8544077
Publication date 2024-07-25 11:09:14 (seen: 2024-07-25 12:06:57)
Title North Korean Fake IT Worker FAQ
Text Stu Sjouwerman, Founder and CEO of KnowBe4

Frequently Asked Questions About KnowBe4's Fake IT Worker Blog

On July 23, 2024, I wrote a blog post about how KnowBe4 inadvertently hired a skillful North Korean IT worker who used the stolen identity of a US citizen. He participated in several rounds of video interviews and circumvented background check processes commonly used.

The intent was to share an organizational learning moment, so you can make sure this does not happen to you. The story went viral, which is exactly what I had hoped for. Do we have egg on our face? Yes. And I am sharing that lesson with you. It's why I started KnowBe4 in 2010. In 2024 our mission is more important than ever.

Q1: Was any KnowBe4 system breached in this North Korean IT worker incident?
No. KnowBe4 was not breached. When we hire new employees, their user account is granted only limited permissions that allow them to proceed through our new hire onboarding process and training. They can access only a minimal number of necessary apps to go through our new employee training.

Q2: What access do new employees get?
These are apps such as their email inbox, Slack, and Zoom. The workstation they receive is locked down and has no data residing on it; it is essentially a laptop with nothing on it except our endpoint security and management tools.

Q3: Did the new employee get access to customer data?
No. This person never had access to any customer data, KnowBe4's private networks, cloud infrastructure, code, or any KnowBe4 confidential information. They had basic communication apps and a factory-new provisioned laptop. We detected suspicious activity and responded within minutes, quarantining the entire laptop.

Q4: Was any malware executed on the machine?
No. No malware was executed on the machine as it was blocked by our security tooling. A complete review of all processes, commands, network connections, and other activity on the laptop was conducted and we concluded that no further action was needed as there was suspicious activity outside of what was detected and blocked.
Notes ★★★
Sent Yes
Tags Data Breach Malware Cloud
Stories


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.