Vendor Vulnerabilities: The Real Insider Threat Facing Hoteliers

Highlights

*Over 300 U.S. companies have unknowingly hired state-sponsored attackers.

*KnowBe4’s infiltration by a North Korean hacker highlights vulnerabilities.

*Major risk vector is third-party vendors.

Introduction

In the face of escalating cyber threats and persistent labor shortages, cybersecurity professionals must now grapple with an unexpected threat: the infiltration of North Korean hackers posing as legitimate IT workers.

As these malicious actors increasingly seek remote employment in Western companies, they exploit common hiring challenges and insufficient vetting processes to gain access to sensitive systems.

In this week’s feature of the VENZA Echo, we review the threat state-sponsored insiders pose and the potential impact on hospitality.

Threat Overview

Since a late-2023 public service announcement from the U.S. Federal Bureau of Investigation, there has been a surge in North Korean hackers posing as IT professionals to secure remote positions within Western companies.

The scale of this threat is significant: in May 2024, the U.S. Justice Department revealed that over 300 U.S. companies unknowingly hired North Korean-linked individuals for IT roles, funneling $6.8 million USD to support the North Korean government, including its nuclear weapons program.

While financial gain has historically been their primary motive, recent cases reveal a shift toward data exfiltration and extortion. In one instance, a North Korean contractor stole proprietary data, issuing a ransom demand shortly after their hire.

Hackers use stolen identities, deepfake profiles, and fake credentials to exploit onboarding gaps and gain employment. Once hired, they avoid video calls, maintain fake profiles with AI-modified images, and request access via personal or remote devices, enabling them to juggle roles across multiple organisations undetected.

KnowBe4 North Korean Infiltration

One notable insider threat happened in July 2024, when KnowBe4, a cybersecurity training provider, unknowingly hired a North Korean hacker.

Employed as a U.S.-based Principal Software Engineer, the operative used a stolen identity with an AI-generated photo to pass background checks. They participated in several video interviews and successfully circumvented standard background checks. After receiving a company-issued laptop, the individual attempted to execute malware, which was only then detected by KnowBe4’s team.

This incident exposed major gaps in the company’s hiring process.

Hotelier Impact

Vendor Vulnerabilities

Malicious insiders, including North Korean hackers, account for only 6.2% of insider threat incidents. Yet, their financial impact is significant, with an average cost of $701,500 USD per incident. Industries such as finance, healthcare, and technology are the most frequently targeted.

Although state-sponsored actors may target global hotel chains, hospitality’s greatest risk is through partnerships with companies targeted by these incidents, making supply-chain and vendor breaches a critical concern.

With over 61% of companies experiencing breaches through third parties, implementing rigorous vendor safeguards is essential to protect hoteliers from this and other security risks linked to vendors and providers.

These security measures include:

*Comprehensive vendor vetting, including security assessments and independent audits.

*Strong contracts with enforceable security practices and immediate breach notifications.

*Limiting vendor access to essential systems and using network segmentation.

*Adopting a Zero Trust model with ongoing verification at all access points.

Hiring Risks

Incidents like the KnowBe4 infiltration highlight the significant risks that advanced technologies, such as AI and deepfake tools, pose to hiring across all sectors.

Individuals can now manipulate AI-generated photos, videos, and identities to convincingly disguise themselves, making it difficult for organisations to verify a candidate’s identity.

This could allow a range of malicious actors to bypass traditional hiring processes, potentially gaining access to sensitive systems and data.

To counter these risks, businesses should:

*Verify candidate identities thoroughly, investigating inconsistencies in documentation.

*Conduct in-person or video interviews, watching for red flags like refusal or inconsistent responses.

*Monitor address changes and unusual payroll requests to detect attempts to obscure identity or location.

*Limit remote access to essential permissions and review access regularly.

Conclusion

While state-sponsored insiders infiltrating predominantly U.S. businesses represent an escalating risk, the most significant threat to hoteliers lies mainly in vulnerabilities within third-party vendors and hiring processes.

Feeling overwhelmed? Don’t worry. As the leading experts in hospitality cybersecurity and data protection, VENZA offers tailored solutions to assess and strengthen your defenses, providing 360-degree protection for your hotels.

Ready to get started? Contact Sales to discuss signing up for our programs or adding new solutions to your contract.
