When the attackers are hired: Today’s new identity crisis
What if the star engineer you just hired is not really an employee, but an attacker in disguise? It is not phishing; it is infiltration by onboarding.
Meet “Jordan from Colorado”, who has a strong resume, glowing references, a clean background check, even a digital footprint that checks out.
On day one, Jordan logs into email and joins the weekly standup, warmly welcomed by the team. Within hours, they have access to the repos, the project folders, even a few copy/pasted dev keys to use in their pipeline.
A week later, tickets are closing fast and everyone is impressed. Jordan makes practical observations about the environment: the tech stack, which tooling is misconfigured, and which approvals are rubber-stamped.
But Jordan was not Jordan. And the welcome the team rolled out was the equivalent of a golden ticket, handed directly to the adversary.
From phishing to fake hires
The modern compromise is not a malicious link in your inbox; it is a valid login inside your organization.
Phishing is still a serious and growing threat (especially with the rise of AI-driven attacks), but it is a well-known one. Organizations have spent years tightening email gateways, flagging malicious content, training employees to report it, and running internal phishing tests.
We fend off a flood of phishing email every day: phishing has increased by 49% since 2021, and there has been a 6.7x increase in the use of large language models (LLMs) to produce emails with lures. Phishing attacks are becoming easier and easier for attackers to launch.
But that is not how Jordan got in. Despite multiple layers of defense on email, Jordan walked in through HR with paperwork in hand.
Why is this a problem now?
Remote hiring has grown rapidly in recent years. Industries have discovered that 100% remote work is feasible, and employees no longer need to sit inside the physical (and more easily defended) perimeter of an office. In addition, talent can be found anywhere on the planet. Hiring remotely means organizations can draw on a wider pool with more abilities and skills. But remote hiring also removes the spontaneous, natural security of the in-person interview, opening a new avenue for threat actors.
Today, identity is the new perimeter. And that means your perimeter can be faked, replicated, or even AI-generated. References can be spoofed. Interviews can be coached or proxied. AI can generate faces and voices (deepfakes). An anonymous adversary can now confidently present as “Jordan from Colorado” and get an organization to hand over the keys to the kingdom.
Hiring fraud in the wild: North Korea’s remote “hire” operatives
The risk of remote hiring fraud is not something we are watching roll in on the horizon, or a scary story told around the campfire.
A report published in August this year revealed more than 320 cases of North Korean operatives infiltrating companies by presenting fabricated identities and polished resumes as remote IT workers. That single sample represents a 220% year-on-year increase, which means this threat is growing quickly.
Many of these North Korean operatives used AI-generated profiles, deepfakes, and real-time AI manipulation to pass interviews and vetting processes. One case also involved American accomplices running a “laptop farm” to provide a physical US presence: company-issued machines, domestic addresses, and identities. Through this scheme, they were able to steal data and funnel salaries to the North Korean regime while evading detection.
These are not isolated hobbyist stunts, either. Investigators have identified this as a systematic campaign, one that often targets Fortune 500 companies.
The castle and moat problem
Many organizations respond by overcorrecting: “I want my entire company locked down like my most sensitive resource.”
It sounds sensible, until work slows to a crawl. Without fine-grained controls that let your security policies distinguish legitimate workflows from unnecessary risk, simply imposing rigid controls that lock everything down across the organization will stifle productivity. Employees need access to do their work. If security policies are too restrictive, employees will either find a workaround or constantly ask for exceptions.
Over time, risk creeps in as the exception becomes the norm.
This accumulation of internal exceptions gradually pushes you back toward the castle-and-moat approach: walls fortified on the outside, wide open on the inside. And if you hand employees the keys to unlock everything inside so they can do their jobs, you are also handing them to Jordan.
In other words, locking everything down indiscriminately can be as dangerous as leaving it open. Strong security has to account for real-world work; otherwise, it collapses.
How to block the new hiring fraud without stalling the business: achieve zero standing privileges
We have all heard of zero trust: never trust, always verify. It applies to every request, every time, even once someone is “inside”.
Now, with identity as the new perimeter, we need to view this security model through the lens of identity, which brings us to the concept of Zero Standing Privileges (ZSP).
Unlike the castle model, which indiscriminately locks everything down, a ZSP posture should be built around flexibility with guardrails:
- No standing access by default – The baseline for each identity is always the minimum access required to function.
- JIT (just-in-time) + JEP (just-enough-privilege) – Any additional access takes the form of a small, scoped permission that exists only when needed, for a finite period, and is then revoked when the task is done.
- Auditing and accountability – Every grant and revocation is logged, creating a transparent record.
This approach closes the gaps left by the castle problem. It ensures attackers cannot rely on standing access, while employees can still move quickly through their work. Done right, a ZSP approach aligns productivity and security rather than forcing a trade-off between them. Here are some further strategic steps teams can take to eliminate standing access in their organization:
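The three ZSP properties above (a minimal baseline, scoped and time-bound JIT grants, and an audit record of every grant and revocation) can be made concrete in a small access broker. The following is an added example, not BeyondTrust’s or the article’s code; the identities, resources, scopes and timings are constructed for illustration, and times are plain epoch seconds so the scenario can be replayed deterministically.

```python
"""Minimal zero-standing-privilege (ZSP) access broker (added illustration).

Nothing is granted by default beyond a tiny baseline; every extra permission
is scoped to one resource and action, capped to a maximum TTL, approved by
someone other than the requester, and written to an append-only audit trail
whether it was granted, denied, revoked or expired.
"""
import time
from dataclasses import dataclass


@dataclass
class Grant:
    identity: str
    resource: str
    scope: str          # one action, e.g. "read" or "admin", never "*"
    expires_at: float   # epoch seconds; every grant has an end
    approver: str
    reason: str


class AccessBroker:
    def __init__(self, baseline=None, max_ttl=3600):
        # baseline: identity -> set of (resource, scope) pairs that need no request.
        # Keep this as small as the job allows; it is the only standing access.
        self.baseline = baseline or {}
        self.max_ttl = max_ttl      # hard cap, regardless of what is requested
        self.grants = []
        self.audit = []             # append-only: grant / deny / revoke / expire

    def _log(self, event, identity, resource, scope, now, **extra):
        entry = {"ts": now, "event": event, "identity": identity,
                 "resource": resource, "scope": scope, **extra}
        self.audit.append(entry)
        return entry

    def request(self, identity, resource, scope, ttl, reason, approver, now=None):
        """Request -> approve -> grant. Returns the Grant, or None if denied."""
        now = time.time() if now is None else now
        if approver == identity:
            # Accountability: the requester can never approve their own access.
            self._log("deny", identity, resource, scope, now, reason="self-approval")
            return None
        ttl = min(ttl, self.max_ttl)
        grant = Grant(identity, resource, scope, now + ttl, approver, reason)
        self.grants.append(grant)
        self._log("grant", identity, resource, scope, now,
                  approver=approver, ttl=ttl, reason=reason)
        return grant

    def _expire(self, now):
        """Drop grants whose TTL has passed and record each expiry."""
        live = []
        for g in self.grants:
            if g.expires_at <= now:
                self._log("expire", g.identity, g.resource, g.scope, now)
            else:
                live.append(g)
        self.grants = live

    def revoke(self, identity, resource, scope, now=None, reason="task complete"):
        """Early removal when the work is done. Returns number of grants removed."""
        now = time.time() if now is None else now
        keep = [g for g in self.grants
                if not (g.identity == identity and g.resource == resource and g.scope == scope)]
        removed = len(self.grants) - len(keep)
        self.grants = keep
        if removed:
            self._log("revoke", identity, resource, scope, now, reason=reason)
        return removed

    def is_allowed(self, identity, resource, scope, now=None):
        """Policy decision: baseline first, then any live JIT grant for exactly this scope."""
        now = time.time() if now is None else now
        if (resource, scope) in self.baseline.get(identity, set()):
            return True
        self._expire(now)
        return any(g.identity == identity and g.resource == resource and g.scope == scope
                   for g in self.grants)


if __name__ == "__main__":
    # Constructed scenario: "jordan" can read the wiki by default and nothing else.
    broker = AccessBroker(baseline={"jordan": {("wiki", "read")}}, max_ttl=1800)
    t0 = 1_700_000_000.0
    print(broker.is_allowed("jordan", "prod-db", "admin", now=t0))            # False
    broker.request("jordan", "prod-db", "admin", 86400, "ticket-123", "alice", now=t0)
    print(broker.is_allowed("jordan", "prod-db", "admin", now=t0 + 60))       # True
    print(broker.is_allowed("jordan", "prod-db", "admin", now=t0 + 1800))     # False
    for entry in broker.audit:
        print(entry)
```

The design point is that a stolen or fraudulent identity inherits only the baseline: the day-one repo and pipeline keys from the story above would have to be requested per task, approved by a second person, and would lapse on their own. A request for a day of admin access is silently capped to the policy maximum, and the audit list is what a reviewer reads afterwards.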
Zero standing privilege checklist
- Inventory and baseline
- Request – approve – remove
- Full audit and evidence
Taking action: start small, win fast
A practical way to start is to pilot ZSP on your most sensitive system for two weeks. Measure how requests, approvals, and audits perform. Quick wins here build momentum for broader adoption and prove that security and productivity do not have to be at odds.
BeyondTrust Entitle, a cloud access management solution, enables a ZSP approach by providing automated controls that keep every identity at a baseline of least privilege. When the job demands more, employees can request it through time-bound, audited workflows. Just enough access is granted just in time, and then removed.
By taking steps to operationalize zero standing privileges, you empower legitimate users to move quickly, while leaving no standing privileges for Jordan.
Ready to get started? Click here for a free red-team assessment of your identity infrastructure.
Note: This article was expertly written and contributed by David Van Heerden, Senior Product Marketing Manager. David Van Heerden, a self-described generalist nerd, metalhead, and wannabe film snob, has worked in tech for more than 10 years, honing technical skills and developing a knack for turning complex IT and security concepts into clear, value-oriented messaging. At BeyondTrust, David serves as Senior Product Marketing Manager, leading the Entitle marketing strategy.
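The two-week pilot only proves anything if the request, approval and audit data is actually measured. The following added example (not BeyondTrust’s or the article’s code) reads a constructed JSON-lines audit trail of the kind a ZSP workflow produces and reports the numbers a pilot review would ask for: how many requests came in, how many were approved and how fast, whether every grant was eventually removed, and whether any grant breaks policy (self-approval or a TTL above the cap). The event names, field names and sample records are assumptions for illustration.

```python
"""Pilot metrics over a ZSP audit trail (added illustration, constructed data)."""
import json
from statistics import median

# Constructed sample: one JSON record per event, in time order. Not real data.
SAMPLE_AUDIT = """
{"ts": 1000, "event": "request", "id": "r1", "identity": "alice",  "resource": "prod-db",    "scope": "admin", "ttl": 900}
{"ts": 1030, "event": "grant",   "id": "r1", "identity": "alice",  "approver": "bob",  "ttl": 900}
{"ts": 1930, "event": "expire",  "id": "r1", "identity": "alice"}
{"ts": 2000, "event": "request", "id": "r2", "identity": "jordan", "resource": "prod-db",    "scope": "admin", "ttl": 86400}
{"ts": 2005, "event": "deny",    "id": "r2", "identity": "jordan", "reason": "ttl exceeds policy"}
{"ts": 3000, "event": "request", "id": "r3", "identity": "carol",  "resource": "ci-secrets", "scope": "read",  "ttl": 1800}
{"ts": 3600, "event": "grant",   "id": "r3", "identity": "carol",  "approver": "bob",  "ttl": 1800}
{"ts": 4000, "event": "revoke",  "id": "r3", "identity": "carol",  "reason": "task complete"}
{"ts": 5000, "event": "request", "id": "r4", "identity": "dave",   "resource": "prod-db",    "scope": "admin", "ttl": 3600}
{"ts": 5010, "event": "grant",   "id": "r4", "identity": "dave",   "approver": "dave", "ttl": 3600}
"""


def parse_audit(text):
    """Parse JSON lines, skipping blank lines and malformed records (counted, not crashed on)."""
    records, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1
    return records, bad


def pilot_metrics(text, max_ttl=3600):
    """Summarise a pilot's audit trail. max_ttl is the policy cap being checked."""
    records, bad = parse_audit(text)
    requests = {r["id"]: r for r in records if r["event"] == "request"}
    grants = {r["id"]: r for r in records if r["event"] == "grant"}
    closed = {r["id"] for r in records if r["event"] in ("revoke", "expire")}

    # Time from request to approval, per approved request.
    latencies = [grants[i]["ts"] - requests[i]["ts"] for i in grants if i in requests]

    # Policy checks a reviewer cares about: grants still open at the end of the
    # log are standing access until proven otherwise; self-approval and
    # over-cap TTLs are violations of the request-approve-remove loop.
    open_grants = sorted(i for i in grants if i not in closed)
    self_approved = sorted(i for i, g in grants.items() if g.get("approver") == g["identity"])
    over_cap = sorted(i for i, g in grants.items() if g.get("ttl", 0) > max_ttl)

    return {
        "requests": len(requests),
        "approved": len(grants),
        "denied": sum(1 for r in records if r["event"] == "deny"),
        "approval_rate": round(len(grants) / len(requests), 2) if requests else 0.0,
        "median_time_to_approve": median(latencies) if latencies else None,
        "open_grants": open_grants,
        "self_approved": self_approved,
        "over_cap_ttl": over_cap,
        "malformed_lines": bad,
    }


if __name__ == "__main__":
    for key, value in pilot_metrics(SAMPLE_AUDIT).items():
        print(f"{key:>22}: {value}")
```

On the constructed sample this reports 4 requests, 3 approvals, a median approval time of 30 seconds, one grant (r4) still open at the end of the log, and the same r4 flagged as self-approved. Those last two lines are the ones that would stop a pilot from being declared a success: an open grant is standing access until it is revoked, and self-approval means the audit trail has no second person in it.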