In the aftermath of the Crowdstrike outage, the cybersecurity industry faced yet another concerning incident. On July 23, 2024, KnowBe4 revealed in a blog post that a recent hire unsuccessfully attempted to download malware into the KnowBe4 platform. Both of these events serve as a stark reminder to all businesses about the importance of disaster recovery plans and robust cybersecurity measures.
What happened at KnowBe4:
KnowBe4 unknowingly hired a skilled North Korean IT worker who used an AI-enhanced photo and the stolen identity of a US citizen to get through the application/hiring process and pass the required background check. A laptop, mailed to him by KnowBe4, then ended up as part of a US-based “laptop farm” where he could VPN in from North Korea. Fortunately, KnowBe4’s SOC team noticed unusual activity, attempted to contact the new employee and, within 25 minutes, had contained the device.
Things to know:
- Forthright uses KnowBe4 for employee/client cybersecurity awareness training.
- This incident did not affect Forthright or any of our clients.
- New KnowBe4 employees are not initially granted access to the KnowBe4 platform. KnowBe4 stated they will be changing hiring protocols.
- This was not a data breach. No illegal access was granted. None of KnowBe4’s customer data was accessed.
- KnowBe4’s SOC team was able to see and stop the activity within minutes. The malware was blocked by security tools in place.
Lessons learned:
As alarming as it is to have hired a malicious foreign actor under a false identity whose intent was to gain access and upload malware to their internal systems, the outcome could have been much worse. Thanks to the continual monitoring and evaluation by KnowBe4’s SOC team, the suspicious activity was promptly identified, investigated, and halted within minutes. KnowBe4’s cybersecurity team did exactly what they were supposed to do and a bad situation was averted.
The reality is that this kind of cyber-incident prevention happens almost continuously, around the clock. Effective cybersecurity goes beyond simply having the right tools in place. A properly managed cybersecurity program, with 24×7 monitoring of your endpoints, networks, users, and applications to detect and respond to any suspicious activity that warrants further investigation, is essential to protecting any organization. This is what we do.
Forthright Cyber leverages a blend of automation, AI, and skilled professionals to detect any anomalous behavior that requires additional scrutiny, effectively mitigating 99% of incidents without requiring intervention from our clients.
How protected are you? Contact us to speak to a security professional or receive a complimentary cyber threat assessment.