💣

KnowBe4 Security Incident

July 15, 2024 434 days ago Resolved

Incident Overview

Situation Description

KnowBe4 hired a new software engineer who turned out to be a North Korean operative attempting to infiltrate the company's systems with malware.

Event Types

Malware / Destructive Attack Insider Incident

Industry Sector

Technology

Geographic Scope

nan

Response Actions

Isolated Compromised Systems Implemented Advanced Authentication Hardened Attack Surface Conducted Employee Training Revised Incident Response Plan

Impact Analysis

Event Types (2 identified)

Malware / Destructive Attack Insider Incident

Financial Impact

$0 USD

Records Affected

Data Types Compromised

N/A

Primary Impacts

Operational Disruption

Key Decisions Made

Implemented enhanced monitoring for continued attempts to access systems.; Reviewed and strengthened access controls and authentication processes.; Conducted security awareness training for employees, emphasizing social engineering tactics.

Technical Analysis

Attack Method

Insider Action

Vulnerability / Tool

Malware

Additional Information

Security Awareness Training Blog How a North Korean Fake IT Worker Tried to Infiltrate Us Stu Sjouwerman | Jul 23, 2024 Tweet Incident Report Summary: Insider Threat First of all: No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems. This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing with you. If it can happen to us, it can happen to almost anyone. Don't let it happen to you. Story updated 10/19/2024 with 10 critical updates to your hiring process. See further below. We also wrote an FAQ , answering questions from customers. TLDR: KnowBe4 needed a software engineer for our internal IT AI team. We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person. We sent them their Mac workstation, and the moment it was received, it immediately started to load malware. Our HR team conducted four video conference based interviews on separate occasions, confirming the individual matched the photo provided on their application. Additionally, a background check and all other standard pre-hiring checks were performed and came back clear due to the stolen identity being used. This was a real person using a valid but stolen US-based identity. The picture was AI "enhanced". The EDR software detected it and alerted our InfoSec Security Operations Center. The SOC called the new hire and asked if they could help. That's when it got dodgy fast. We shared the collected data with our friends at Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings. It turns out this was a fake IT worker from North Korea. The picture you see is an AI fake that started out with stock photography (below). The detail in the following summary is limited because this is an active FBI investigation. SUMMARY: This report covers the investigation of Employee...

... (truncated for display)

Quick Facts

Company:: KnowBe4
Date:: July 15, 2024
Status:: Resolved
Decision Maker:: Stu Sjouwerman
Position:: Founder and Executive Chairman
Published:: 23/07/2024

Source Information

Original Query

company "security awareness training" effectiveness post-ransomware

View Original Source

Timeline

Information Published

23/07/2024

Incident Occurred

July 15, 2024 (434 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats