Fake IT Employees Could Be A Bigger Problem Than You Think

Fake IT employees? Over the years you have probably encountered one or two people “in IT” and wondered how they got the job with no apparent IT skills. In reality they probably have skills, just not the ones you needed at the time. Maybe…

A few years ago a scenario was uncovered where an employee in the US worked in IT, but hired someone from SE Asia to do his job remotely for less money — effectively outsourcing a single job. Then the individual did it twice more. Earning three full time salaries without having to actually do any work himself. It was shocking but not against the company’s rules. HR departments everywhere scrambled to update policies and employment contracts.

Last year security firm Knowbe4 issued a report that they had unknowingly hired a Korean spy to the IT department. The hiring process was entirely remote and the individual leveraged someone else’s online identity to effect the scam. Once hired, Knowbe4 sent the individual a company laptop to login in securely from their remote location — believed to be in the US.

The individual was actually located in North Korea. Additional software was installed on the laptop to allow the scammer to VPN from North Korea to the laptop’s location in the US. From Knowbe4’s perspective it would appear that the individual was located with the laptop in the US. Fortunately the company’s security tools flagged the unexpected VPN software and raised the alarms. Knowbe4 working with the FBI discovered this wasn’t a one-off scam, but and organized approach. The laptop was discovered with laptops from a bunch of other companies compromised in the same way.

We are still learning how pervasive the scam is. Trying to enumerate the “indicators of compromise” so companies can scan their environments for warning signs. Cybersecurity firm CrowdStrike is one of the front runners in this work. Last year they proactively notified 200 of their customers that they had “at least one fake IT employee working for them”! They believe the problem is significant enough to warrant a new service offering!

Let that sink in for a moment. We have several reported cases of “fake IT employees” being hired, no definitive way of identifying them once they are inside the network, and we know that a North Korean APT hacking crew has an organized method for executing this attack. Kudos to the security vendors for tackling this problem, but they only work after the attacker is on your wire. You need better hiring and authentication practices to reduce the risk up front and you need better data management and least privilege practices to minimize the impact should an attacker get hired. It can be very hard to determine who you can trust.

https://www.darkreading.com/insider-threats/crowdstrike-highlights-magnitude-of-insider-risk

cybersecurity #people #insiderthreats #itsabouttrust

sbiswanger
03 Feb 2025
Comment 0
  • Categories
    •

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    News & Blog

    Related Posts

    It’s not about Security. It’s about Trust.

    Menu

    Solutions

    Menu

    Contact

    Copyright © 2024 Biswanger Consulting Group Inc. All Rights Reserved