Adversarial nation IT talent
Background: Sometimes, as an organization grows, it needs to hire specialists for remote work. However, you can never be certain whether the candidate in front of you is an impostor attempting to infiltrate the organization as a legitimate user to exfiltrate data, or simply an ethical individual who genuinely wants to work and earn a salary.
Detection methods: The cybersecurity industry has researched this growing risk extensively, and several detection methods are now available.
- Access to systems from one and the same IP address or from an unusual OS
- Use of specialized software for group management
- Use of the same delivery address for laptops
Access to systems from one and the same IP address or from an unusual OS
Always monitor access to your systems and check, for example, whether a source IP address is associated with a VPS, hosting service, or VPN. If you consistently see the same type of information, it may indicate unusual activity in your systems. Threat actors can use virtualization technology to isolate their working environment from the host machine that runs it. Detecting the presence of such technology is often straightforward.
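A sketch of this correlation, added here as an example and not part of the original article: it flags accounts whose sign-ins come almost entirely from hosting or VPN ranges, hosting IPs shared by several accounts, and a reported OS that differs from the issued image. The ranges, events, thresholds and the `MANAGED_OS` value are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed ranges (RFC 5737 documentation space); in practice load a hosting/VPN feed.
HOSTING_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]
MANAGED_OS = {"Windows 11"}  # assumption: OS image on company-issued laptops

# Constructed sign-in events: (account, source IP, reported OS)
SIGNINS = [
    ("alice", "192.0.2.10", "Windows 11"),
    ("alice", "192.0.2.10", "Windows 11"),
    ("alice", "203.0.113.7", "Windows 11"),
    ("bob", "203.0.113.7", "Windows 11"),
    ("bob", "203.0.113.7", "Windows 11"),
    ("bob", "203.0.113.7", "Windows 11"),
    ("carol", "203.0.113.7", "Linux x86_64"),
    ("carol", "198.51.100.20", "Linux x86_64"),
    ("carol", "198.51.100.21", "Linux x86_64"),
]

def is_hosting(ip):
    """True if the address falls inside a known hosting/VPN range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOSTING_RANGES)

def review(signins, min_events=3, hosting_ratio=0.8, shared_users=2):
    """Return accounts and IPs that deserve a closer look by an analyst."""
    per_user = defaultdict(list)      # account -> [is_hosting per sign-in]
    users_per_ip = defaultdict(set)   # source IP -> accounts seen on it
    odd_os = set()                    # accounts reporting a non-managed OS
    for user, ip, os_name in signins:
        per_user[user].append(is_hosting(ip))
        users_per_ip[ip].add(user)
        if os_name not in MANAGED_OS:
            odd_os.add(user)
    # Accounts that sign in consistently from hosting/VPN space.
    hosting_only = sorted(
        u for u, flags in per_user.items()
        if len(flags) >= min_events and sum(flags) / len(flags) >= hosting_ratio
    )
    # One hosting IP used by several distinct accounts.
    shared_ip = {
        ip: sorted(users) for ip, users in users_per_ip.items()
        if is_hosting(ip) and len(users) >= shared_users
    }
    return {"hosting_only": hosting_only, "shared_ip": shared_ip,
            "unusual_os": sorted(odd_os)}

if __name__ == "__main__":
    print(review(SIGNINS))
```

The shared-IP finding also surfaces an account that otherwise looks normal but has touched the same hosting address as the flagged ones.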
Use of specialized software for group management
Threat actors sometimes use specialized software such as remote monitoring and management (RMM) tools or group management tools. One well-known example is the use of ClassroomSpy software by DPRK IT worker management teams.
Use of the same delivery address for laptops
Sometimes companies provide laptops to their employees. It is extremely important to verify whether the delivery address for the laptop is the organization’s address, an LLC, or another type of business entity.
Conclusion: As an organization, you will inevitably encounter such issues. The likelihood of this threat depends on the scope of your operations. Human resources in particular should work closely with the security team to establish proper processes before a new hire is accepted into the company.